Re: Authentication architecture on a Unix Network
- From: "kona" <kona_iron@xxxxxxxx>
- Date: 18 Jan 2007 12:38:05 -0800
Thanks all for your advice.
I am thinking about the Kerberos solution, but what about my configuration:
On some Unix machines we host different customers.
So each customer has to authenticate against its own authentication
We can use the same LDAP instance for all customers. Each customer has
its own specific LDAP branch.
But what about in the case of a Kerberos solution?
As each customer has its own Windows domain with its own AD, is it
possible from a Unix machine to address the AD of the right customer?
Colin McKinnon wrote:
Jeremy Worrells wrote:
On 2007-01-16, kona <kona_iron@xxxxxxxx> wrote:
Until now we have always used authentication against the local /etc/passwd file
for our Unix servers.
We have about 300 machines of different OSes: Sun, HP, AIX and some Linux
We would like to centralize all this part of authentication.
We would not like to use NIS, NIS+
All recommendations, advice, links are welcome.
What I'm interested in is a centralized architecture, like the principle
of Active Directory on a Windows domain
My suggestion would be to look into LDAP for centralized, secure
Microsoft's version of LDAP is called...Active Directory - but of course it
has weird differences from everybody else's version - so you can
authenticate Unix clients against a MS AD server but it's very tricky to get
MS clients to authenticate against a Unix LDAP.
If you ever might be interested in authenticating MS clients, take a look at
Samba and GOSA, also the LDAPgina.