Network Security Focus-Sun

RE: Solaris 9 authentication and access control into Active Directory

Subject: RE: Solaris 9 authentication and access control into Active Directory
Date: Fri, 17 Sep 2004 11:48:28 -0700
I'll second Mr. Myers' endorsement of Vintela's VAS.  We have an
environment that's a mix of Sun, HP-UX, AIX, and Linux.  HP 11.0
doesn't have PAM at all and the support in 11.11 is weak; AIX 5.1 is
also problematic.  

VAS works pretty well across all of them.  We've had some problems but
have had no show stoppers, and Vintela's support has been excellent.

Ted Rodriguez-Bell
Wells Fargo Services


Myers, Mike wrote:
We have been looking at a similar project except that it needs to be
cross platform (Solaris and HP-UX).

We found some limitations in the SEAM product (and to be honest, HP's
product as well) in that if the user was in too many Windows groups the
PAC (Privilege Access Certificate?) which gets tagged onto the end of
the Kerberos ticket by AD causes the ticket to exceed the size that will
fit in a single UDP packet.  The AD server would return an error
(52/0x34) which SEAM said was "undefined" because it was at the time
SEAM last pulled source from MIT but has subsequently been defined as
"RESPONSE_TOO_BIG."  The client is supposed to switch to TCP and redo
the request, but SEAM doesn't know this and bails.

We put requests in to both vendors to fix this and neither seemed really
excited to do it.  Sun's response was, "It'll be in Solaris 10..."

Given that level of support, we started looking at commercial vendors
and found a company called Vintela who has a pretty nice package called
"Vintela Authentication Services" which is cross platform and has some
other nice features (e.g. a nice snap in to manage the Active Directory
side of things in MMC, etc.).

I just today received notice that they've released a new version which
at first glance appears to address some of our concerns when we demoed
the software a few months back.

Generally the company seems very eager to please and willing to
integrate changes that we asked for.

Cheers,
 - Mike Myers, Mike.Myers <at> nwdc.net
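
The UDP-to-TCP fallback described in the quoted message, as an added example that is not part of the original thread and is not code from SEAM, MIT Kerberos or VAS: it reads the error-code field of a KRB-ERROR reply and, on 52 (0x34), resends the same request over TCP with the 4-octet length prefix from RFC 4120. The names `kdc_exchange`, `send_udp`, `send_tcp` and `sample_krb_error` are hypothetical, the transports are injected callables so the block runs offline, and the sample message and realm are constructed.

```python
import struct

KRB_ERR_RESPONSE_TOO_BIG = 52  # 0x34, RFC 4120

def _tlv(buf, off):
    """Read one DER TLV at off; return (tag, value, next_offset)."""
    tag, length = buf[off:off + 2]  # ValueError if fewer than 2 octets remain
    off += 2
    if length & 0x80:  # long-form length: low 7 bits = number of length octets
        n = length & 0x7F
        length = int.from_bytes(buf[off:off + n], "big")
        off += n
    if off + length > len(buf):
        raise ValueError("truncated DER value")
    return tag, buf[off:off + length], off + length

def krb_error_code(msg):
    """Return the error-code of a KRB-ERROR, or None for any other message."""
    if not msg or msg[0] != 0x7E:  # KRB-ERROR is [APPLICATION 30], constructed
        return None
    seq = _tlv(_tlv(msg, 0)[1], 0)[1]  # APPLICATION 30 -> inner SEQUENCE
    off = 0
    while off < len(seq):
        tag, val, off = _tlv(seq, off)
        if tag == 0xA6:  # error-code [6] INTEGER
            return int.from_bytes(_tlv(val, 0)[1], "big", signed=True)
    return None

def kdc_exchange(request, send_udp, send_tcp):
    """UDP first; on RESPONSE_TOO_BIG resend over TCP (4-octet length prefix)."""
    reply = send_udp(request)
    if krb_error_code(reply) != KRB_ERR_RESPONSE_TOO_BIG:
        return "udp", reply
    framed = send_tcp(struct.pack("!I", len(request)) + request)
    (n,) = struct.unpack("!I", framed[:4])
    return "tcp", framed[4:4 + n]

def _der(tag, content):
    return bytes([tag, len(content)]) + content  # short-form lengths only

def sample_krb_error(code):
    """Constructed KRB-ERROR (mandatory fields only) for offline testing."""
    i = lambda n: _der(0x02, bytes([n]))
    gs = lambda s: _der(0x1B, s)
    sname = _der(0x30, _der(0xA0, i(2)) + _der(0xA1, _der(0x30, gs(b"krbtgt") + gs(b"EXAMPLE.COM"))))
    fields = (_der(0xA0, i(5)) + _der(0xA1, i(30))
              + _der(0xA4, _der(0x18, b"20040917184828Z")) + _der(0xA5, i(0))
              + _der(0xA6, i(code)) + _der(0xA9, gs(b"EXAMPLE.COM")) + _der(0xAA, sname))
    return _der(0x7E, _der(0x30, fields))
```

A client that treats error 52 as unknown stops at the first `send_udp` reply, which is the failure the message attributes to SEAM.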


