Slashdot Mirror


Centralized and Secure Authentication?

signal7 asks: "I run a network of 50+ workstations. Some are UNIX, some are Novell, some are NT, etc. The problem is I recently set up a killer Samba server, but synchronizing user information in a *SECURE* fashion just doesn't seem possible. I'm looking for something that provides the exchange mechanism of, say, Lerberos, with the centralization of LDAP. Anyone have any suggestions?"


  1. Re:ypldapd, pam_ldap @ www.padl.com by signal7 · · Score: 1
    Ahh - but I read most of the RFCs on LDAP and the protocol is not secure. Any idiot that has root would be able to query my LDAP server. That's why I wanted something more like a secure challenge/response mechanism like SMB or Kerberos (not Lerberos -- seriously I did NOT misspell that when I submitted it, I'm sure of it).

    Anyway, I do appreciate the suggestion. I will take a look at pam_smb and see if it uses the NT challenge/response mechanism which would be a step in the right direction.

    --
    I have no sig.

  2. ACE Server by drig · · Score: 1

    Security Dynamics (the parent company of RSA Data Security Inc) makes a product called ACE server. It provides a centralized login with tokens. Tokens are hardware cards about the size of a credit card but a little thicker. It's based on some older crypto tech, but it still seems secure. They have NT servers and Linux clients, but I'm not sure how far they go with Linux clients (PAM integration? dunno....)

    http://www.securitydynamics.com

    --
    Citizens Against Plate Tectonics
  3. Ganymede by DrZaius · · Score: 1

    If you want to go to a directory service (which seems to be the case if you need to synchronize) there is a Java-based (java sucks, but I also think there are X clients as well) project called Ganymede (I think, I may be spelling it wrong).

    It kind of looks like NT user management and such, but it integrates such things as Dynamic DNS and DHCP and all of those sort of things. If you are unfamiliar with directory services, they basically bind a whole lot of data together (like user names, workstations, IPs, DNS entries et cetera).

    Go look on freshmeat, I have not used it myself, but it looks pretty nice.

    --
    -- DrZaius - Minister of Sciences and Protector of the Faith
  4. Re:ypldapd, pam_ldap @ www.padl.com by cloudmaster · · Score: 1
    I will take a look at pam_smb and see if it uses the NT challenge/response mechanism...

    AFAIK, pam_smb doesn't change the part of the authentication which occurs over the network - that's controlled based on the "encrypted passwords" setting. pam_smb should just allow you to use the system password file instead of a separate one, which would also be good I guess. :)

    On a related note, I can't get pam to compile under SuSE 6.0/6.1 hybrid, at least not the pam rpm from redhat. Anyone else have any success? I guess I'll try the "real" source instead of redhat's... :)

    --Danny

  5. NDS might be a possibility by Shadok8 · · Score: 1


    Since you already have some Novell servers, NDS might be a possibility. NDS is currently available for NT and Solaris. Novell has said they will have NDS for Linux out by the end of the year.

  6. Centralization by Squeamish+Ossifrage · · Score: 1

    What sort of centralization is it that you want that Kerberos doesn't offer?

    1. Re:Centralization by signal7 · · Score: 1
      Kerberos doesn't centralize file sharing (NFS, Samba, etc.) and printing. As far as I can tell it only centralizes telnet and ftp.

      --
      I have no sig.