[CentOS] Anyone using Active Directory auth with Centos 5.4.....?

Wed Feb 10 00:10:06 UTC 2010
Jay Leafey <jay.leafey at mindless.com>

If you are using AD for JUST authentication and not user information, 
you can use the PAM Kerberos stuff.  We've been using it for a couple of 
years from both CentOS/RHEL 4 and 5 systems with good results.  It was 
actually pretty easy to do (once we figured out which type of chicken 
bones to burn).

You can use authconfig to turn it all on:

authconfig --enablekrb5 --krb5realm {AD domain name} \
     --enablekrb5kdcdns --enablekrb5realmdns --update

This will use DNS to locate the domain controller and KDC for the domain 
given the AD domain name.  You can manually specify the KDC and admin 
servers too; see the authconfig man page for specific details.

If you want something perhaps more polished, you could look into the 
Likewise products, which handle the whole shooting match pretty well 
(http://www.likewise.com/products/likewise_open/).  I've played with the 
Open (free) version and it worked just fine; the Enterprise has more 
features, but I haven't played with it.

As always, YMMV.
-- 
Jay Leafey - Memphis, TN
jay.leafey at mindless.com
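
Added example (not part of the original post): a shell check that the settings the authconfig command above is meant to enable are actually in place. It assumes authconfig records them as default_realm, dns_lookup_realm and dns_lookup_kdc under [libdefaults] in krb5.conf and as a pam_krb5.so auth line in the PAM file; the function names, the sample files and the EXAMPLE.COM realm are constructed for illustration.

```shell
# Added example. Assumes authconfig records its changes in the
# [libdefaults] section of krb5.conf and in a PAM auth line.

# Print the value of KEY from [libdefaults] in a krb5.conf file.
krb5_setting() {    # usage: krb5_setting FILE KEY
    awk -v key="$2" '
        /^[ \t]*[#;]/ { next }                          # skip comment lines
        /^[ \t]*\[/   { lib = ($0 ~ /\[libdefaults\]/); next }
        lib && index($0, "=") {
            k = substr($0, 1, index($0, "=") - 1)
            v = substr($0, index($0, "=") + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { print val }' "$1"
}

# Report every setting that does not match; return 1 if any is off.
check_krb5_dns_auth() {    # usage: check_krb5_dns_auth KRB5CONF PAMFILE REALM
    rc=0
    [ "$(krb5_setting "$1" default_realm)" = "$3" ] ||
        { echo "default_realm is not $3"; rc=1; }
    for key in dns_lookup_realm dns_lookup_kdc; do
        case "$(krb5_setting "$1" "$key")" in
            true|yes|on|1) ;;
            *) echo "$key is not enabled"; rc=1 ;;
        esac
    done
    grep -Eq '^[[:space:]]*auth[[:space:]].*pam_krb5\.so' "$2" ||
        { echo "no pam_krb5.so auth line in $2"; rc=1; }
    return "$rc"
}

# Constructed sample files (EXAMPLE.COM is a placeholder realm).
make_samples() {    # usage: make_samples DIR
    printf '%s\n' '[libdefaults]' ' default_realm = EXAMPLE.COM' \
        ' dns_lookup_realm = true' ' dns_lookup_kdc = true' \
        '[domain_realm]' ' .example.com = EXAMPLE.COM' > "$1/krb5.conf"
    printf '%s\n' 'auth required pam_env.so' \
        'auth sufficient pam_unix.so nullok try_first_pass' \
        'auth sufficient pam_krb5.so use_first_pass' > "$1/system-auth"
}
```

On a real system the same check would be pointed at /etc/krb5.conf and /etc/pam.d/system-auth with the AD realm in place of the placeholder.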