[ale] Mixed environments, central authentication, and central user management?

James Sumners james.sumners at gmail.com
Thu Oct 30 12:37:03 EDT 2014


This looks very promising. Thank you for the suggestion.

On Thu, Oct 30, 2014 at 11:17 AM, Jim Kinney <jim.kinney at gmail.com> wrote:

> RHEL IdM or the upstream FreeIPA solution. It can auth against AD but
> handles the ID/GID, etc. for RHEL users. Uses Kerberos and LDAP.
>
> On Thu, Oct 30, 2014 at 10:45 AM, James Sumners <james.sumners at gmail.com>
> wrote:
>
>> I administer RHEL systems in an environment that is primarily managed by
>> a Windows domain. That is, Active Directory (AD) controls usernames,
>> passwords, and all that jazz. I have my RHEL systems _authenticating_
>> against AD but that's it. I don't pull user ids, group ids, shells, group
>> memberships, or anything else out of AD. I'm at the point where I want to
>> move in that direction, though. And that's where I'd like some input from
>> the list...
>>
>> I can work with the AD administrator to get whatever attributes added
>> that I need to make such a scenario work. But I wonder if that's worth it.
>> Would it be better to set up a vanilla LDAP server specifically to manage
>> the RHEL users? If I did that, would I be able to pass the authentication
>> along to the AD server but get the details out of the LDAP server? Or
>> should I set up a Kerberos server that communicates with AD in addition to
>> the LDAP server?
>>
>> What are you guys' experiences in this regard? How did you solve this
>> problem?
>>
>> --
>> James Sumners
>> http://james.roomfullofmirrors.com/
>>
>> "All governments suffer a recurring problem: Power attracts pathological
>> personalities. It is not that power corrupts but that it is magnetic to the
>> corruptible. Such people have a tendency to become drunk on violence, a
>> condition to which they are quickly addicted."
>>
>> Missionaria Protectiva, Text QIV (decto)
>> CH:D 59
>>
>> _______________________________________________
>> Ale mailing list
>> Ale at ale.org
>> http://mail.ale.org/mailman/listinfo/ale
>> See JOBS, ANNOUNCE and SCHOOLS lists at
>> http://mail.ale.org/mailman/listinfo
>>
>>
>
>
> --
> James P. Kinney III
>
> Every time you stop a school, you will have to build a jail. What you gain
> at one end you lose at the other. It's like feeding a dog on his own tail.
> It won't fatten the dog.
> - Speech 11/23/1900 Mark Twain
>
>
> http://heretothereideas.blogspot.com/
>


-- 
James Sumners
http://james.roomfullofmirrors.com/

"All governments suffer a recurring problem: Power attracts pathological
personalities. It is not that power corrupts but that it is magnetic to the
corruptible. Such people have a tendency to become drunk on violence, a
condition to which they are quickly addicted."

Missionaria Protectiva, Text QIV (decto)
CH:D 59