[ale] Mixed environments, central authentication, and central user management?

James Sumners james.sumners at gmail.com
Thu Oct 30 10:45:31 EDT 2014


I administer RHEL systems in an environment that is primarily managed by a
Windows domain. That is, Active Directory (AD) controls usernames,
passwords, and all that jazz. I have my RHEL systems _authenticating_
against AD but that's it. I don't pull user ids, group ids, shells, group
memberships, or anything else out of AD. I'm at the point where I want to
move in that direction, though. And that's where I'd like some input from
the list...

I can work with the AD administrator to get whatever attributes added that
I need to make such a scenario work. But I wonder if that's worth it. Would
it be better to set up a vanilla LDAP server specifically to manage the RHEL
users? If I did that, would I be able to pass the authentication along to
the AD server but get the details out of the LDAP server? Or should I set up
a Kerberos server that communicates with AD in addition to the LDAP server?

What are you guys' experiences in this regard? How did you solve this
problem?

-- 
James Sumners
http://james.roomfullofmirrors.com/

"All governments suffer a recurring problem: Power attracts pathological
personalities. It is not that power corrupts but that it is magnetic to the
corruptible. Such people have a tendency to become drunk on violence, a
condition to which they are quickly addicted."

Missionaria Protectiva, Text QIV (decto)
CH:D 59