[CentOS] authentication loosely tied to active directory?

JohnS jses27 at gmail.com
Tue Jun 16 18:05:39 UTC 2009


On Tue, 2009-06-16 at 11:43 -0500, Les Mikesell wrote:
> JohnS wrote:
> What I'm looking for is a network service that will work across apache 
> and java web services (without requiring a login account) that 
> transparently merges AD accounts with others that I can control 
> separately, and also to be able to use those same logins and passwords 
> for linux system logins where accounts are specifically created. That 
> is, all AD & linux accounts should work for web services and Linux 
> account logins should be able to use AD passwords where they exist.
> 
> I'd think this would be a fairly common situation where the bulk of 
> company operations are on desktops controlled by AD but there are some 
> developers using Linux and some infrastructure resources using it 
> (subversion, wikis and other web services, etc.) and some users that 
> don't map to employees.
> 
---
Web Services via SOAP can be your "Middle Ware" (man in the middle) to
authentication here. Your AD admin is going to have to help out in some
way for this to happen. No way around it I see. Anonymous accounts can
be mapped to the appropriate AD account (IWAM_User - depends on
service app). Firefox can use the LDAP Plugin, Apache auth can be mapped
to LDAP on AD. Once an AD account is locked out he will know anyway.

Maybe check out MS Web Services Interface and WSDL for AD. It is just
something to really sit down and think about authentication between
mixed node systems. Can it be done? Yes. One other solution here
Enterprise wide would be Citrix.

john
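
The "Apache auth can be mapped to LDAP on AD" option from the reply above, shown as an added example that is not part of the original message: an Apache 2.4 `mod_authnz_ldap` configuration that tries Active Directory first and falls back to a locally managed password file for accounts that are not in AD. Host names, DNs, file paths and the `/svn` location are constructed placeholders, and the bind account is assumed to be a read-only service account supplied by the AD admin.

```apache
# Assumes mod_ldap, mod_authnz_ldap, mod_authn_file, mod_auth_basic and
# mod_ssl are loaded. All names and paths below are placeholders.

# Server-level: CA used to validate the domain controller's certificate,
# so the bind password and user passwords are not sent to an
# unauthenticated LDAP endpoint.
LDAPTrustedGlobalCert CA_BASE64 "/etc/pki/tls/certs/ad-ca.pem"
LDAPVerifyServerCert On

<Location "/svn">
    # Basic auth carries the password on every request: require TLS.
    SSLRequireSSL

    AuthType Basic
    AuthName "Internal services"

    # Provider order matters: AD is consulted first; a user not found
    # there is then looked up in the local file.
    AuthBasicProvider ldap file

    # Search the directory by the Windows logon name (sAMAccountName)
    # over LDAPS, restricted to user objects.
    AuthLDAPURL "ldaps://dc1.example.com:636/DC=example,DC=com?sAMAccountName?sub?(objectClass=user)"

    # Read-only service account used for the search before the
    # user's own bind is attempted.
    AuthLDAPBindDN "CN=svc-apache,OU=Service Accounts,DC=example,DC=com"
    # exec: keeps the secret out of the config file; the helper script
    # (placeholder path) prints the password on stdout.
    AuthLDAPBindPassword "exec:/usr/local/sbin/ldap-bind-secret"

    # Accounts controlled separately from AD (created with htpasswd).
    # Keep this file outside the document root and readable only by
    # the httpd user.
    AuthUserFile "/etc/httpd/conf/local-users.htpasswd"

    # Any user authenticated by either provider is accepted.
    Require valid-user
</Location>
```

Because a user name that exists in both sources is resolved by provider order, keep local account names distinct from AD logon names so a local entry cannot shadow or be shadowed by a directory account.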



