
Centralized and Secure Authentication?

signal7 asks: "I run a network of 50+ workstations. Some are UNIX, some are Novell, some are NT, etc. The problem is I recently set up a killer Samba server, but synchronizing user information in a *SECURE* fashion just doesn't seem possible. I'm looking for something that provides the exchange mechanism of, say, Lerberos, with the centralization of LDAP. Anyone have any suggestions?"

  • Ahh - but I read most of the RFCs on LDAP and the protocol is not secure. Any idiot that has root would be able to query my LDAP server. That's why I wanted something more like a secure challenge/response mechanism like SMB or Kerberos (not Lerberos -- seriously I did NOT misspell that when I submitted it, I'm sure of it).

    Anyway, I do appreciate the suggestion. I will take a look at pam_smb and see if it uses the NT challenge/response mechanism which would be a step in the right direction.

    --

  • Security Dynamics (the parent company of RSA Data Security Inc) makes a product called ACE server. It provides a centralized login with tokens. Tokens are hardware cards about the size of a credit card but a little thicker. It's based on some older crypto tech, but it still seems secure. They have NT servers and Linux clients, but I'm not sure how far they go with Linux clients (PAM integration? dunno....)

    http://www.securitydynamics.com
  • If you want to go to a directory service (which seems to be the case if you need to synchronize) there is a Java-based (Java sucks, but I also think there are X clients as well) project called Ganymede (I think, I may be spelling it wrong).

    It kind of looks like NT user management and such, but it integrates such things as Dynamic DNS and DHCP and all of those sort of things. If you are unfamiliar with directory services, they basically bind a whole lot of data together (like user names, workstations, IPs, DNS entries et cetera).

    Go look on freshmeat, I have not used it myself, but it looks pretty nice.
  • I will take a look at pam_smb and see if it uses the NT challenge/response mechanism...

    AFAIK, pam_smb doesn't change the part of the authentication which occurs over the network - that's controlled based on the "encrypted passwords" setting. pam_smb should just allow you to use the system password file instead of a separate one, which would also be good I guess. :)

    On a related note, I can't get PAM to compile under SuSE 6.0/6.1 hybrid, at least not the PAM RPM from Red Hat. Anyone else have any success? I guess I'll try the "real" source instead of Red Hat's... :)

    --Danny


  • Since you already have some Novell servers, NDS might be a possibility. NDS is currently available for NT and Solaris. Novell has said they will have NDS for Linux out by the end of the year.

  • What sort of centralization is it that you want that Kerberos doesn't offer?
  • Kerberos doesn't centralize file sharing (NFS, Samba, etc.) and printing. As far as I can tell it only centralizes telnet and ftp.

    --
