Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-Sun
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Solaris 9 authentication and access control into Active Directory

from [Ron Ogle] Network Security [Permanent Link]
Subject: Solaris 9 authentication and access control into Active Directory
Date: Sun, 12 Sep 2004 16:10:47 -0500
Has anyone out there been very successful with completely integrating Solaris 9 into Microsoft's Active Directory? This is what I'm hoping to do:

1. Use Kerberos on Solaris 9 via PAM to authenticate to AD using the Windows username/password.
2. Use LDAP through NSS to get /etc/passwd and /etc/group type data from AD.
3. Use Solaris RBAC to group the Windows userids into roles that will manage the systems.
4. Have a very difficult root password (hopefully using MD5) on the local machine in case AD is not available. I will use this authentication only as a last resort.

From what I've read the MIT version of Kerberos works better with AD, but the Solaris SEAM version of Kerberos works better with Solaris. From someone who's been there done that, MIT or SEAM?

I've read the Microsoft document on integrating Unix into Windows 2003. They either have SFU or recommend purchasing VAS. I know that there is also PAM SMB authentication, but I don't believe that I want to do that.

Thanks
Ron Ogle

[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: allowing ordinary users to open privileged ports, Brian Parent
Next by Date:  Re: allowing ordinary users to open privileged ports, Herman Sheremetyev
Previous by Thread:  RESOLUTION: E450 - hangs when booting without keyboard and monito r, Steiner, Jason (OCFO)
Next by Thread:  Re: Solaris 9 authentication and access control into Active Directory, Erwin Fritz
Indexes:  [Date] [Thread] [Top] [All Lists]