Re: Single Password - Linux & Windows

From: Anne & Lynn Wheeler (lynn_at_garlic.com)
Date: 05/31/05 

Date: Tue, 31 May 2005 14:24:18 -0600

"Jason Williard" <jwilliard@pcsafe.net> writes:
> I have 5 servers; 3 RedHat and 2 Windows 2003 Server. I would like
> to use a single password for all of these. When thinking about
> this, I had 2 thoughts that came to mind. 1) Setup the 2 Windows
> servers as domain controllers and find a mechanism to connect the
> linux machines to that. 2) Setup 2 of the linux machines with Samba
> to act as domain controllers. Unfortunately, I don't know which is
> the best option, or if either of these is the best.
>
> What is the best way for me to do this? In the end, I would like to
> have the system administrators be able to login to any of the
> servers with a single login. As well, I would like to use the
> password for specific access for employees, such as pop3/imap/smtp
> and a few other integrated services.
>
> Any suggestions or information would be appreciated.

in theory, an underlying m'soft mechanism is kerberos ... so it should
be possible to deploy a kerberos configuration (across both windows
and many other operating systems).

(windows) kerberos interoperability
http://www.microsoft.com/resources/documentation/Windows/XP/all/reskit/en-us/Default.asp?url=/resources/documentation/Windows/XP/all/reskit/en-us/prdp_log_tjil.asp

windows kerberos security tutorial
http://www.mcmcse.com/win2k/guides/kerberos.shtml

from my rfc index
http://www.garlic.com/~lynn/rfcietff.htm

select "Term (term->RFC#)" in the "RFCs listed by" section
and scroll down to kerberos:

kerberos
 see also authentication , security
 3962 3961 3244 3129 2942 2712 2623 1964 1510 1411

...

selecting any of the RFC numbers then brings up the summary for that
RFC. in the summery field, selecting the ".txt=nnnn" field retrieves
the actual RFC.

some past kerberos related postings:
http://www.garlic.com/~lynn/subpubkey.html#kerberos 

-- 
Anne & Lynn Wheeler | http://www.garlic.com/~lynn/

Relevant Pages

  • Re: Kerberos enforced in W2k/NT4 environment
    ... There is no direct way to force kerberos authentication in a domain. ... set lan manager authentication level to be send ntlmv2 ... sure that those servers and domain controllers in the W2K domains are also ... From your NT4.0 domain controllers you should be able to ping ...
    (microsoft.public.win2000.security)
  • Re: Really stupid question about z/OS HTTP server
    ... automagically logged on to their corresponding z/OS RACF id? ... IBM CICS RACF Security and Microsoft Windows Server 2003 Security ... kerberos was originally developed a MIT's Project Athena ...and then ... selecting RFC number brings up the corresponding summary in the lower ...
    (bit.listserv.ibm-main)
  • Re: Authentication architecture on a Unix Network
    ... recent post with LDAP reference ... now another widely used mechanism for authentication is Kerberos ... using digital signature for initial kerberos authentication mechanism ... for ietf RFC references ... ...
    (comp.security.unix)
  • Kerberos/RPC Authentication issue
    ... In one of our sites we have 2 domain controllers. ... All servers in this site point to these DC's for their primary ... and secondary dns. ... about kerberos, RPC, cant talk to anything. ...
    (microsoft.public.windows.server.active_directory)
  • Kerberos password change specification
    ... I was wondering where is the specification for the original Kerberos Change Password protocol, as I could not find it so far. ... RFC 3244 only details the Windows extension, and for what I've seen of RFC 1510, there is no mention of how the Password change actually works. ... Why does RFC 1510 refer to the password change service (example: "(The password-changing request must not be honored unless the requester can provide the old password (the user's current secret key)"), but not actually specify how it works, or refer to some other document that does? ...
    (comp.protocols.kerberos)