[CentOS] authentication loosely tied to active directory?
Les Mikesell
lesmikesell at gmail.com
Tue Jun 16 16:43:49 UTC 2009
JohnS wrote:
> On Mon, 2009-06-15 at 22:30 -0500, Paul Johnson wrote:
>> On Fri, Jun 5, 2009 at 5:29 PM, Ross Walker<rswwalker at gmail.com> wrote:
>>> On Jun 5, 2009, at 1:00 PM, Les Mikesell <lesmikesell at gmail.com> wrote:
>>>
>>>> What's the best authentication scheme when you are dealing with an
>>>> active directory that someone else controls? I've been using pam
>>>> configured for smb and local passwords where a local account is needed
>>>> for real logins (but either the domain or local password will work)
>>>> and web services don't require a local account. That's most of the
>>>> functionality I want and it doesn't take pre-arrangement with the AD
>>>> administrator, but I have to glue mod_auth_pam into httpd and I'm not
>>>> sure how to duplicate it for java web services.
>
> If this is java web services you're having the problem with you can also
> use kerberos with SOAP/XML/RPC. But the catch is only 128-bit encryption.
Don't forget that I want it to honor system accounts too - or at least
some that aren't in AD.
> Another option may be LDAP under Apache.
What I'm looking for is a network service that will work across apache
and java web services (without requiring a login account) that
transparently merges AD accounts with others that I can control
separately, and also to be able to use those same logins and passwords
for linux system logins where accounts are specifically created. That
is, all AD & linux accounts should work for web services and Linux
account logins should be able to use AD passwords where they exist.
I'd think this would be a fairly common situation where the bulk of
company operations are on desktops controlled by AD but there are some
developers using Linux and some infrastructure resources using it
(subversion, wikis and other web services, etc.) and some users that
don't map to employees.
--
Les Mikesell
lesmikesell at gmail.com