Solaris 9 authentication and access control into Active Directory

From: Ron Ogle (ogler_at_tce.com)
Date: 09/12/04

    Date: Sun, 12 Sep 2004 16:10:47 -0500
    To: focus-sun@securityfocus.com
    
    

    Has anyone out there been very successful with completely integrating
    Solaris 9 into Microsoft's Active Directory? This is what I'm hoping to do:

    1. Use Kerberos on Solaris 9 via PAM to authenticate to AD using the
    Windows username/password.
    2. Use LDAP through NSS to get /etc/passwd and /etc/group type data from AD.
    3. Use Solaris RBAC to group the Windows userids into roles that will
    manage the systems.
    4. Have a very difficult root password (hopefully using MD5) on the
    local machine in case AD is not available. I will use this
    authentication only as a last resort.

    From what I've read, the MIT version of Kerberos works better with AD,
    but the Solaris SEAM version of Kerberos works better with Solaris.
    From someone who's been there done that, MIT or SEAM?

    I've read the Microsoft document on integrating Unix into Windows 2003.
    They either have SFU or recommend purchasing VAS. I know that there
    is also PAM SMB authentication, but I don't believe that I want to do that.

    Thanks
    Ron Ogle

