Centralized user account management in a non-Windows environment

FoBoT

No Lifer
How is it done?

Like if you had 14 Linux servers, 2 Unix servers, 1 Solaris server, and 2 Windows servers (but no domain/no Active Directory), along with 250 desktop PCs, all Linux, and 15 Macs.

How would you manage common user accounts like a Windows domain does? What tools are available to do this? Can you point me to any web sites/tutorials that outline how that would work?


Thank you. :gift:
 

FoBoT

No Lifer
OK, reading/downloading that stuff.

So, if I have a bunch of remote LANs, first I set up the primary KDC at the central office, then I set up a KDC in each remote office? And these secondary KDCs need to have occasional connectivity to the central KDC to get updates?
 

n0cmonkey

Elite Member
Originally posted by: FoBoT
OK, reading/downloading that stuff.

So, if I have a bunch of remote LANs, first I set up the primary KDC at the central office, then I set up a KDC in each remote office? And these secondary KDCs need to have occasional connectivity to the central KDC to get updates?

I haven't set it up, but I know the secondaries have to connect to the central. Not sure how often though...
 

cleverhandle

Diamond Member
Originally posted by: FoBoT
So, if I have a bunch of remote LANs, first I set up the primary KDC at the central office, then I set up a KDC in each remote office?
Yup.
And these secondary KDCs need to have occasional connectivity to the central KDC to get updates?
IIRC, the primary KDC is the only one that has a read/write copy of the credentials. So if you need to change a password, you need to have connectivity to the primary. From there, I don't know whether the primary pushes the update, or whether the secondary polls at a set interval.

Another name for this kind of setup, BTW, is "LDAP v3" - basically a combination of Kerberos, LDAP, SSL, and TLS to provide security along all paths of the authentication and authorization processes.

Also, know that what you're proposing to do is pretty complicated stuff, especially when you're also dealing with 5 different platforms in the process (all of them have their own little requirements when it comes to modifying the login process). I'm assuming that if you're actually in charge of all the machines you list, you have both the skills and the patience. But don't underestimate the difficulty of the task.

Edit: Oh yeah... here's a good link on LDAPv3. He takes a very "from scratch" approach to things, so some of that work may already be done by your distro/vendor. But there's still a lot of configuration to be done whether you build the packages or not.
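As an added example, not from any poster in this thread, here is the primary/replica layout discussed above expressed in MIT Kerberos terms: one read/write KDC at the central office, read-only replicas in the branch offices, and the propagation job that keeps them in sync. The realm name, hostnames and the /var/kerberos/krb5kdc paths (Red Hat layout) are assumptions; the `kdb5_util`, `kprop` and `kpropd.acl` pieces are standard MIT Kerberos.

```shell
#!/bin/sh
# Assumed realm, hostnames and paths (hypothetical; adjust to your site).
REALM="EXAMPLE.COM"
PRIMARY_KDC="kdc1.hq.example.com"
REPLICA_KDCS="kdc.office-a.example.com kdc.office-b.example.com"
DUMP=/var/kerberos/krb5kdc/replica_datatrans

# [realms] stanza for every client's krb5.conf: ticket requests may go to
# any KDC (a branch office keeps working when the WAN is down), but kadmin
# and password changes are pinned to the primary, the only writable copy.
realm_stanza() {
  printf '[realms]\n  %s = {\n' "$REALM"
  printf '    kdc = %s\n' "$PRIMARY_KDC"
  for r in $REPLICA_KDCS; do
    printf '    kdc = %s\n' "$r"
  done
  printf '    admin_server = %s\n' "$PRIMARY_KDC"
  printf '    kpasswd_server = %s\n' "$PRIMARY_KDC"
  printf '  }\n'
}

# kpropd.acl on each replica: only the primary's host principal may push a
# database; anyone else connecting to kpropd is refused.
kpropd_acl() {
  printf 'host/%s@%s\n' "$PRIMARY_KDC" "$REALM"
}

# Cron job on the primary: dump the whole KDC database, then push it to each
# replica with kprop (authenticated with host/<primary> from the keytab).
# A replica that is unreachable simply keeps its last copy until next run.
propagate() {
  kdb5_util dump "$DUMP" || return 1
  for r in $REPLICA_KDCS; do
    kprop -f "$DUMP" "$r" || echo "propagation to $r failed; retry next run" >&2
  done
}

case "${1:-}" in
  krb5-conf)  realm_stanza ;;
  kpropd-acl) kpropd_acl ;;
  propagate)  propagate ;;
esac
```

With full-dump `kprop` the primary pushes on whatever schedule the cron entry sets, so a password change made through kadmind on the primary is visible at a branch office only after the next push. Newer MIT releases also offer incremental propagation (iprop), where kpropd on the replica polls kadmind on the primary for changes, which reverses the direction of the connection but not the rule that only the primary is writable.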
 

NetWareHead

THAT guy
Originally posted by: FoBoT
How is it done?

Like if you had 14 Linux servers, 2 Unix servers, 1 Solaris server, and 2 Windows servers (but no domain/no Active Directory), along with 250 desktop PCs, all Linux, and 15 Macs.

How would you manage common user accounts like a Windows domain does? What tools are available to do this? Can you point me to any web sites/tutorials that outline how that would work?


Thank you. :gift:

All these dissimilar operating systems just scream for Novell eDirectory. eDirectory can manage accounts from all these operating systems, is able to manage the systems too, and provides a better directory than AD domains. As an added plus, the eDirectory services will run on nearly all versions of commercial UNIX, Solaris, Linux, NetWare and Windows Server, but I'm not sure about Mac/OS X Server. Go to www.novell.com