Solaris 9 authentication and access control into Active Directory

From: Ron Ogle (ogler_at_tce.com)
Date: 09/12/04

    Date: Sun, 12 Sep 2004 16:10:47 -0500
    To: focus-sun@securityfocus.com
    
    

    Has anyone out there been very successful with completely integrating
    Solaris 9 into Microsoft's Active Directory? This is what I'm hoping to do:

    1. Use Kerberos on Solaris 9 via PAM to authenticate to AD using the
    Windows username/password.
    2. Use LDAP through NSS to get /etc/passwd and /etc/group type data from AD.
    3. Use Solaris RBAC to group the Windows userids into roles that will
    manage the systems.
    4. Have a very difficult root password (hopefully using MD5) on the
    local machine in case AD is not available. I will use this
    authentication only as a last resort.

    From what I've read, the MIT version of Kerberos works better with AD,
    but the Solaris SEAM version of Kerberos works better with Solaris.
    From someone who's been there, done that: MIT or SEAM?

    I've read the Microsoft document on integrating Unix into Windows 2003.
    They either have SFU or recommend purchasing VAS. I know that there
    is also PAM SMB authentication, but I don't believe that I want to do that.

    Thanks
    Ron Ogle

