From: John Christian (john.christian@TheCReGroup.com)
Date: Tue Sep 14 2004 - 15:24:47 EDT
Hi Sunmanagers,
QUESTION 1
Instead of creating accounts on every host for each user, what is a
popular
way to "hook" Solaris logins (telnet, ssh, sftp) to authenticate against
an
existing Windows Domain? (I'm told our Win Domain is RADIUS accessible.)
QUESTION 2
Perhaps we DO want to create an account on every host for each user and
only have the password authentication [dis]approved by the Windows
Domain. We only have ~10 hosts with ~15 users. Is there a way to logically
replace /etc/shadow with the Windows Domain? (Except for root and admin
accounts.)
DETAILS
* I am told we can authenticate against the Windows Domain through a
RADIUS server. Our VPN gateway is doing that now.
* We're looking for a straightforward way to take advantage of the
existing Windows Domain infrastructure. We do not have visions of SSO
(single sign on) for the entire organization.
* I don't think we want to create an entirely new LDAP-based directory
server.
* Solaris 9, latest media, latest patch cluster.
* Hardware includes 240's, 440's, 880's, and 1280's.
* All hosts (Windows and Solaris) are at the same site.
TIA for any cookbooks, suggestions, links, or personal experiences.
I will summarize!
-John C.
_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers
This archive was generated by hypermail 2.1.7 : Wed Apr 09 2008 - 23:29:26 EDT