List: ldap
Subject: [ldap] Re: Microsoft ADAM
From: Peter Schober <peter.schober () univie ! ac ! at>
Date: 2007-02-02 18:28:16
Message-ID: 20070202182816.GM1469 () wssp ! cc ! univie ! ac ! at
sorry for being pretty much OT with this... OT for the list and even
OT for the current subject...

* Dustin Puryear <dustin@puryear-it.com> [2007-02-02 16:01]:
> As far as I know, you can't "integrate" AD into another
> authentication source directly. AD is the authentication source, as
> far as Microsoft is concerned.

I certainly didn't expect them to make it easy.
authenticating M$ Windows clients via unix kerberos at least seems to
be possible[1]. but I'm just the directory guy (and unix, email,.. ;)
trying to reduce dependencies on and password transfers to certain
other systems.

> That said, most of us have to support large environments with
> multiple LDAP sources, password files, etc. Generally, there will be
> some kind of synchronization, somewhere.

we have developed custom tools to do this (and much more). the problem
is that syncing credentials is actually a lot easier than messing with
these systems to integrate cleanly with existing infrastructures.
(thank goodness our password policy is still not finished ;)
but it's yet another system that wants to be the authoritative
source for authN (opendirectory, active directory, etc.).

some WebSSO systems seem to have features (at least CAS has a PAM
module; there's some mention of CoSign PAM but no sign of code)
that let them venture into the realms (no pun intended) of
kerberos. while this won't help with integrating M$ desktops it would
help with unix/linux/osx machines and even the occasional webmail
system (alleviating the need for proxy authN/n-tier authN).

maybe I should just stop looking for reasons not to deploy
kerberos and go for it? ;)

regards,
-p.schober

[1] using AD in cross-realm trust with AuthN via some linux KDC or
using ksetup for standalone PCs like mentioned here
http://sial.org/howto/kerberos/windows/