Domain: xpasystems.com
Stories and comments across the archive that link to xpasystems.com.
Comments · 11
-
Pluggable Authentication Modules?
Has anyone at microsoft ever considered using somthing along the lines of PAM (Pluggable Authentication Modules)? It would go a long way towards allowing windows to "play nice with others", as well as allow third parties to innovate new methods of authentication. Hopefully without the usual onerous licensing requirements. Perhaps something along the lines of PGINA? http://pgina.xpasystems.com/
-
Re:Bitching doesn't help, action does.
Check out Knowledge Tree. They have a fairly polished webdav-based DMS, and are going to write a MS plugin for it as well (Plugin not open source). It has LDAP integration, and versioning. I plan to install it and goof around once I get my website back up and running, and get a couple of spare computers to hook everything up on.
Hopefully, I'm looking to get a Hula, Knowledge Tree, Fedora Directory, (I hate OpenLDAP, and I don't want to pay for Novell's) server, with pGina for Windows client authentication. I haven't tried OpenOffice with a WebDav server backend, but if that worked with revisioning, you have all the parts for a completely open-source server/infrastructure that meets the requirements that I mentioned. I just don't know if I'm going to have time to ever put it together, and some projects aren't mature enough to completely replace their MS counterparts. Hula especially, as right now it has only limited client support for all the applications, but it supports LDAP, and it's not a bunch of recycled parts with no management parts like Kolab. They should rename that project Kobble. But hopefully soon, all the parts will be production ready.
Man do I go off topic. -
Re:Integrated
There is one... http://pgina.xpasystems.com/
I was using it for quite a while.. have an AD running under VMware now. -
Unix and Windows going to the same backend
How do you get Windows and Linux using the same system?
pGINA: PAM modules for Windows. -
Random SuggestionsIt's not open source, but it runs on linux. Nterprise Services for Linux includes file, print, identity, etc. Basically a port of Netware services, including eDirectory, to Linux.
You mention automounting, SMB, etc. I didn't understand if you meant having a Linux server allow Windows clients to authenticate and mount against Linux. If you did, there's a handy piece of software that allows Windows clients to authenticate directly to LDAP. Amusing name, but nice product...pGina.. It also features plugins that allow for roaming profiles, etc.
-
Re:oops . . .forgot link
Yeah, you're really bad with A tags.
-
always preview
-
Re:The problem is for windows...
If your OpenLDAP/Kerb5 kit was put together right, you could use the LDAPv3 setup for authenticating more standard clients, and use pGINA for Windows. It won't kerberize you (yet), but SSL should provide your basic security. Samba servers using the LDAP backend should fit quite nicely.
Another idea is to configure LDAPv3, and set up a Samba server(with the LDAP backend) as a Domain Logon server. If these are all on one server, you've pretty much built the same thing Microsoft does on an AD PDC, but without the tight integration. LDAP clients get the full benefit, and Windows clients will work out of the box. Think of it like half-assed AD.
:)What would be nice is to see something like Apache Toolbox for OpenLDAP and Kerberos. LDAPv3 is quite a task to get set up, and I think the huge learning curve for the system is it's largest flaw. Seriously, Microsoft only needs to know your dns domain to get everything configured, why can't it be that easy?
:> -
Re:I think they'll just obfuscate more.
-
Re:Lucky Linux users
why is the community chasing M$ in it's hide&seek strategy? Isn't the M$ auth GINA (what a lousy name...) whatever replaceable? Screw them! Let's interface windows auth methods to unix rather than run after their stuff. Wouldn't it be cool if the samba tree included some
.dll to log a M$ box into an ldap ssha or cert , standards kerberos environment?
There is an open source GINA implementation to auth against other services.
http://pgina.xpasystems.com/
I think it comes in two parts, one a general backend and there are a bunch of different auth systems. -
Re:Lucky Linux users
pGina does essentially what you describe. It replace GINA and allows MS boxes to authenticate directly against an LDAPv3 server. But people who understand this stuff much better than myself tell me that this is not really a great solution. GINA is a fairly superficial authentication component, and replacing it doesn't make some of the more subtle bits fit together. Modifying the LSA (Local Security Authority) would be necessary to do the job properly. But, not surprisingly, documentation for it is not forthcoming.