RE: Solaris 9 authentication and access control into Active Directory

From: Ted Rodriguez-Bell (tedrb_at_WellsFargo.COM)
Date: 09/17/04

  • Next message: Reg Quinton: "Re: Solaris 9 authentication and access control into Active Directory"
    Date: Fri, 17 Sep 2004 11:48:28 -0700
    To: focus-sun@securityfocus.com
    
    

    I'll second Mr. Myers' endorsement of Vintela's VAS. We have an
    environment that's a mix of Sun, HP-UX, AIX, and Linux. HP 11.0
    doesn't have PAM at all and the support in 11.11 is weak; AIX 5.1 is
    also problematic.

    VAS works pretty well across all of them. We've had some problems but
    have had no show stoppers, and Vintela's support has been excellent.

    Ted Rodriguez-Bell
    Wells Fargo Services

    Myers, Mike wrote:
     > We have been looking at a similar project except that it needs to be
     > cross platform (Solaris and HP-UX).
     > 
     > We found some limitations in the SEAM product (and to be honest, HP's
     > product as well) in that if the user was in too many Windows groups the
     > PAC (Privilege Access Certificate?) which gets tagged onto the end of
     > the Kerberos ticket by AD causes the ticket to exceed the size that will
     > fit in a single UDP packet.  The AD server would return an error
     > (52/0x34) which SEAM said was "undefined" because it was at the time
     > SEAM last pulled source from MIT but has subsequently been defined as
     > "RESPONSE_TOO_BIG."  The client is supposed to switch to TCP and redo
     > the request, but SEAM doesn't know this and bails.
     > 
     > We put requests in to both vendors to fix this and neither seemed really
     > excited to do it.  Sun's response was, "It'll be in Solaris 10..."
     > 
     > Given that level of support, we started looking at commercial vendors
     > and found a company called Vintela who has a pretty nice package called
     > "Vintela Authentication Services" which is cross platform and has some
     > other nice features (e.g. a nice snap in to manage the Active Directory
     > side of things in MMC, etc.).
     > 
     > I just today received notice that they've released a new version which
     > at first glance appears to address some of our concerns when we demoed
     > the software a few months back.
     > 
     > Generally the company seems very eager to please and willing to
     > integrate changes that we asked for.
     > 
     > Cheers,
     >  - Mike Myers, Mike.Myers <at> nwdc.net
     > 
    

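The UDP-to-TCP fallback described in the quoted message, as an added example that is not part of the original thread and is not code from SEAM, MIT Kerberos or VAS: it parses a KDC reply, recognises error 52 (KRB_ERR_RESPONSE_TOO_BIG in RFC 4120) and redoes the request over TCP. The `send_udp` and `send_tcp` callables are hypothetical transports supplied by the caller, and the sample reply is constructed, not captured.

```python
import struct

KRB_ERR_RESPONSE_TOO_BIG = 52  # 0x34, as defined in RFC 4120

def tlv(buf, pos):
    """Read one DER TLV at pos; return (tag, value, next_pos)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long-form length: low 7 bits = number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length

def krb_error_code(reply):
    """Return error-code if reply is a KRB-ERROR, otherwise None."""
    if len(reply) < 2 or reply[0] != 0x7E:  # 0x7E = [APPLICATION 30]
        return None
    _, seq, _ = tlv(tlv(reply, 0)[1], 0)  # unwrap to the inner SEQUENCE body
    pos = 0
    while pos < len(seq):
        tag, val, pos = tlv(seq, pos)
        if tag == 0xA6:  # context tag [6] = error-code
            return int.from_bytes(tlv(val, 0)[1], "big", signed=True)
    return None

def kdc_exchange(request, send_udp, send_tcp):
    """Send over UDP; on error 52 redo the same request over TCP."""
    reply = send_udp(request)
    if krb_error_code(reply) != KRB_ERR_RESPONSE_TOO_BIG:
        return "udp", reply
    # Kerberos over TCP prefixes each message with a 4-byte big-endian length.
    framed = send_tcp(struct.pack(">I", len(request)) + request)
    (n,) = struct.unpack(">I", framed[:4])
    return "tcp", framed[4:4 + n]

def der(tag, val):
    """Encode a short-form DER TLV (enough for the small sample below)."""
    return bytes([tag, len(val)]) + val

# Constructed, abbreviated KRB-ERROR carrying error-code 52 (not a capture).
SAMPLE_ERROR = der(0x7E, der(0x30, b"".join([
    der(0xA0, der(0x02, b"\x05")),             # pvno = 5
    der(0xA1, der(0x02, b"\x1e")),             # msg-type = 30 (KRB-ERROR)
    der(0xA4, der(0x18, b"20040917184828Z")),  # stime (constructed value)
    der(0xA5, der(0x02, b"\x00")),             # susec
    der(0xA6, der(0x02, b"\x34")),             # error-code = 52
    der(0xA9, der(0x1B, b"EXAMPLE.COM")),      # realm (placeholder)
])))
```

A client that treats code 52 as "undefined" stops at the first `send_udp` reply, which is the failure the quoted message reports.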