Solaris 9 authentication and access control into Active Directory
From: Ron Ogle (ogler_at_tce.com)
Date: 09/12/04
- Previous message: Brian Parent: "Re: allowing ordinary users to open privileged ports"
- Next in thread: Myers, Mike: "RE: Solaris 9 authentication and access control into Active Directory"
- Maybe reply: Myers, Mike: "RE: Solaris 9 authentication and access control into Active Directory"
- Reply: Erwin Fritz: "Re: Solaris 9 authentication and access control into Active Directory"
- Maybe reply: Jas Amidzic: "Re: Solaris 9 authentication and access control into Active Directory"
- Reply: Reg Quinton: "Re: Solaris 9 authentication and access control into Active Directory"
- Maybe reply: Myers, Mike: "RE: Solaris 9 authentication and access control into Active Directory"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sun, 12 Sep 2004 16:10:47 -0500 To: focus-sun@securityfocus.com
Has anyone out there been very successful with completely integrating
Solaris 9 into Microsoft's Active Directory? This is what I'm hoping to do:
1. Use Kerberos on Solaris 9 via PAM to authenticate to AD using the
Windows username/password.
2. Use LDAP through NSS to get /etc/passwd and /etc/group type data from AD.
3. Use Solaris RBAC to group the Windows userids into roles that will
manage the systems.
4. Have a very difficult root password (hopefully using MD5) on the
local machine in case AD is not available. I will use this
authentication only as a last resort.
From what I've read the MIT version of Kerberos works better with AD,
but the Solaris SEAM version of Kerberos works better with Solaris.
From someone who's been there done that, MIT or SEAM?
I've read the Microsoft document on integrating Unix into Windows 2003.
They either have SFU or recommend purchasing VAS. I know that there
is also PAM SMB authentication, but I don't believe that I want to do that.
Thanks
Ron Ogle
- Previous message: Brian Parent: "Re: allowing ordinary users to open privileged ports"
- Next in thread: Myers, Mike: "RE: Solaris 9 authentication and access control into Active Directory"
- Maybe reply: Myers, Mike: "RE: Solaris 9 authentication and access control into Active Directory"
- Reply: Erwin Fritz: "Re: Solaris 9 authentication and access control into Active Directory"
- Maybe reply: Jas Amidzic: "Re: Solaris 9 authentication and access control into Active Directory"
- Reply: Reg Quinton: "Re: Solaris 9 authentication and access control into Active Directory"
- Maybe reply: Myers, Mike: "RE: Solaris 9 authentication and access control into Active Directory"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
