[19319] in Kerberos
Re: Unify Unix and NT accounts with kerberos
daemon@ATHENA.MIT.EDU (Lawrence MacIntyre)
Tue May 27 13:36:16 2003
From: Lawrence MacIntyre <lpz@ornl.gov>
To: Kurpas Ban <kurpasban@yahoo.com>
In-Reply-To: <e20646c8.0305260742.1f0b21c0@posting.google.com>
Message-Id: <1054056842.9297.53.camel@nautique>
Mime-Version: 1.0
Date: 27 May 2003 13:34:02 -0400
cc: kerberos@MIT.EDU
Content-Type: multipart/mixed; boundary="===============31832354378835293=="
Errors-To: kerberos-bounces@mit.edu
--===============31832354378835293==
Content-Type: multipart/signed; micalg=pgp-sha1;
protocol="application/pgp-signature"; boundary="=-Jw6ECFfLedktNg6rLPVT"
--=-Jw6ECFfLedktNg6rLPVT
Content-Type: multipart/mixed; boundary="=-JwId+mlt9js5DHJy88/8"
--=-JwId+mlt9js5DHJy88/8
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
You obviously are in need of one of these...
On Mon, 2003-05-26 at 11:42, Kurpas Ban wrote:
> It's EASY
>=20
> http://www.sco.com/products/authentication
>=20
>=20
> digant@uta.edu (Digant Kasundra) wrote in message news:<BB48F73042D29D41A=
033A684D5FBB98405DCBA7F@exchange.uta.edu>...
> > At University of Texas at Arlington, we're still working on a similar t=
ask
> > to provide a single username and password to students on all 4 of our
> > platforms (Windows, Linux, Tru64, and Solaris).
> >=20
> > So far, we have done testing with Kerberos and LDAP to authenticate Uni=
x
> > users against Active Directory. The results have been okay, but not
> > acceptable. =20
> >=20
> > Speaking of Kerberos specifically, we tested with Linux against Active
> > Directory and were able to authenticate users without a problem. But, =
for
> > instance, if the person's password had expired, the pam_krb5 module was
> > unable to recognize this during the accounting part (it would recognize=
it
> > during the authentication part but based on PAM standards, asking a use=
r to
> > change their password should be done in the accounting part).
> >=20
> > But for the normal case where a user has an account on a Unix system an=
d a
> > username and password stored in Active Directory (that isn't expired, o=
r
> > locked, or anything else weird), pam_krb5 works like a charm to authent=
icate
> > the user using Kerberos v5.
> >=20
> > FYI, pam_ldap also has major short comings when it comes to handling th=
ese
> > special cases (e.g. password expirations, etc).
> >=20
> > We are planning to begin work on our own module called pam_ad that will=
be
> > designed specifically to integrate Kerberos and LDAP for the purpose of
> > authenticating and handling accounting against Active Directory.
> >=20
> > -- Digant
> >=20
> > > -----Original Message-----
> > > From: Jerome Walter [mailto:walter+SP@M.efrei.fr]=20
> > > Sent: Thursday, May 01, 2003 4:04 PM
> > > To: kerberos@MIT.EDU
> > > Subject: Unify Unix and NT accounts with kerberos
> > >=20
> > >=20
> > > Good evening everyone,
> > >=20
> > > I have been asked to study and implement a technology to=20
> > > unify accounts and data between NT (2000), Unix (Solaris) and=20
> > > GNU/Linux stations.
> > >=20
> > > For the moment, i think Kerberos would be the best (the only=20
> > > one ?) solution to have the same password between NT and=20
> > > Unix, is it true ?
> > >=20
> > > Am i wrong or anyone have ever had problems trying to use=20
> > > samba + Kerberos to get a domain for NT stations "compatible"=20
> > > with GNU/Linux and Unix ?
> > >=20
> > >=20
> > > Could you please give me advices about KDC to use, points to=20
> > > be careful of or any other way to have these passwords synced=20
> > > without authenticating Unix stations over the Windows domain.
> > >=20
> > > Best regards,
> > >=20
> > >=20
> > > Jerome Walter
> > >=20
> > > --=20
> > > -+-- J=C3=A9r=C3=B4me Walter - I2 EFREI ----+-
> > > Equipe Syst=C3=A8me - Efrei Robotique - Jap'Efrei - Erasmus=20
> > > Tutors "The World is my country" - "Nihon no tomodachi desu"=20
> > > EFREI System and Networking guide http://perso.efrei.fr/~walter/ =20
> > > ________________________________________________
> > > Kerberos mailing list Kerberos@mit.edu
> > > https://mailman.mit.edu/mailman/listinfo/kerberos
> > >=20
> >=20
> > ________________________________________________
> > Kerberos mailing list Kerberos@mit.edu
> > https://mailman.mit.edu/mailman/listinfo/kerberos
> ________________________________________________
> Kerberos mailing list Kerberos@mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
--=20
Lawrence MacIntyre <lpz@ornl.gov>
High Performance Information Infrastructure Technology Group
--=-JwId+mlt9js5DHJy88/8
Content-Disposition: attachment; filename=non-sco.png
Content-Type: image/png; name=non-sco.png
Content-Transfer-Encoding: base64
iVBORw0KGgoAAAANSUhEUgAAAEsAAAAwCAMAAABudXfaAAABg1BMVEXn8fgAaLsYdbqyo1D/vh7T
5fLC2+01h8O21On9z2uKudyozOX9xk3+8NELbLX+th0AZ74AZLIndaTCqEYCabXksjP/wRefxuIz
eZ3+46gAYbDrtS5TmcxAfZX/vCD+uCIAY8TUrjv9/v7z+PuEk22UmGP+2o6knloccqoDarVfh4L/
9uRanc1Hksgierzc6vWbml9qptLIq0DdsDf+6LrzuSV6kXQQbrL9uCVoin3h7vZzrNX+uSb/uibx
tit9sthBjsbN4fBiiIFzjnj+uCP+vTP/uySIlWpRg4v/+u/0uCkBaLMrgb9MgY79uST9tyCNlmf7
/f4NbrcAXq9Gf5Hu9fr4uSZlo9AAYLCVwN8Vb68HbLYFabD//fj4uiP4+/wAZrM8fqAofr98kXEP
cLf+tRhdiYvJ3+74uCpahob8uyMFZbL9wUCCk29Olsr5vCBRl8dWhIhdn88AY7FfoND+uinY6PPX
5/P3vR9ChaYwg8AHZ7NlmrT9uSgFa7X/////AADVjMMbAAAACXBIWXMAAAsRAAALEQF/ZF+RAAAA
B3RJTUUH0wMIBjAO5hnxWAAAA15JREFUeNqll/1P00AYx7tSGUgc6+jCYKGZEGElgMDE+TJADBnE
MVkgKGygyxw/SMAE9oMJyl3/dO+u7e6Vs4QvoWmf3n363HPP87QzoE8EHynMMHxfAbscja1nEYlh
sbTRu/jaj0iIBWXYvm5upbJe4Qx0vgEp19ezKtbYfDqdTiTQoT7miiQfGpCFEdqZGlVtLC/PES0T
DVR4EgxYPGxCSbIGdpvEK+xW8ypriaSIxdGGFahPxQJCeF46UqHlS4E2oAQ7V4XKzY+9/plLlJGK
ubeNkmr7DSjDBNBqplCI3PGCZTI+TahYDI1zqeq6+dWBxm4uU2wWW5lc/Qf3VKhmya49v0ohnxJU
gHPqTsOSYKVSKZvN5jc28p+/ra2tfbE8OgLdQCNG72VxMMst7UwVE8gtx0MCADAkv2pV7/QshnY9
L4qCyOV1A7EudaxZfplV6yL/YrfYbLF793Euf2Gt49tvXulYl0w6VzOpVrmJVC5TI04xZEklUij1
t890rHO2YF3XtdC/y/iUtlwL29ABd5xpHWubq36hF9Trnsvl8TDUsYRWwlUwAK11viYmdKxZqcNR
qguAJdQX1LH+TkUSUNjkgcQULy1rEfTlc6tTqqVlwd4DUF2oZ8nVFPv1acQhxaQZehR8CMzQoKD8
XnkoS5waG2bonRKDF5P1ddLGCifh08NgRPKwR2E9pJfI+qQ7SdU7XmRZgzUuqcjFEb6xZPPJBsAH
ZF1xhFTrUNYJl5/kvIftM205dSGctuUKeBexZvBlO1rf6elpamkL27+TcY7d2et0GBh+gE07129c
KwcR6xhdjCuijic576UtQNZjNui/gmUELPyOUXxsdpH9j3JDwQw77kZghQEZxxohUYcjOMD3lRZr
XsBrZlh8Q7CTYcu4gTFgJhpo0nhJvWUoXLmm6iPTEX6o0c+J4Ga7XUN/QRqYcDzw/P+wTphB7Hdh
f7hDWEk1ywYiDQ8fiVhiAPD6F+AtOtZkVltIXPgU52ZUQyJqEJD9w2PA5KCqid+yruFhJyErMNUi
OfiLhhSdF+yCR+Q4dncoctob2uLeBmbYJ5RvBzJrxROrDi9lWn63HECWxU+xaZwFbdI+AID8TY5P
TUZLyRManM09k9MCqQczDIev+q3wqJ96fdg/9GErvc5v9rAAAAAASUVORK5CYII=
--=-JwId+mlt9js5DHJy88/8--
--=-Jw6ECFfLedktNg6rLPVT
Content-Type: application/pgp-signature; name=signature.asc
Content-Description: This is a digitally signed message part
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
iD8DBQA+06GKCNjP8rawCW4RAvQlAKCaqffkRRQ7Fr36BWuC/F/h/Ma7cACfSXpV
LmZt27fL0EyEDNFA596/gfc=
=BpEG
-----END PGP SIGNATURE-----
--=-Jw6ECFfLedktNg6rLPVT--
--===============31832354378835293==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
--===============31832354378835293==--
