Solaris login based on Windows Domain?
2007-12-25 3:58:00
QUESTION 1
Instead of creating accounts on every host for each user, what is a
popular
way to "hook" Solaris logins (telnet, ssh, sftp) to authenticate against
an
existing Windows Domain? (I'm told our Win Domain is RADIUS accessible.)
QUESTION 2
Perhaps we DO want to create an account on every host for each user and
only have the password authentication [dis]approved by the Windows
Domain. We only have ~10 hosts with ~15 users. Is there a way to logically
replace /etc/shadow with the Windows Domain? (Except for root and admin
accounts.)
DETAILS
* I am told we can authenticate against the Windows Domain through a
RADIUS server. Our VPN gateway is doing that now.
* We're looking for a straightforward way to take advantage of the
existing Windows Domain infrastructure. We do not have visions of SSO
(single sign on) for the entire organization.
* I don't think we want to create an entirely new LDAP-based directory
server.
* Solaris 9, latest media, latest patch cluster.
* Hardware includes 240's, 440's, 880's, and 1280's.
* All hosts (Windows and Solaris) are at the same site.
TIA for any cookbooks, suggestions, links, or personal experiences.
I will summarize!
-John C.
Comments
Got something to say?
You must be logged in to post a comment.
