Directory for user authentication?

Johannes B. Ullrich jullrich at sans.org
Thu Nov 27 15:14:23 EST 2003


> Someone at the company suggested LDAP, which is currently in place for only
> one app (imapd).  Where should I begin to learn about Unix PAM, LDAP, and
> Micro$oft directory services? 

LDAP is a good start. For the Linux part, a lot of the integration can
be done using the pam ldap module. The Linux software you mention
(openssh, imap, pop, samba) should be able to use pam for
authentication.

There are replacements for the Windows 2k authentication that will work
with Linux LDAP servers (pgina.xpasystems.com I think).

I think recent versions of Samba make a decent domain controller. There
have been some limitations (e.g. interactions with Exchange servers...);
this may be fixed in more recent versions, or it may not matter to
you.

A couple other systems to consider for single sign-on are Radius and
Kerberos. Radius is nice in particular if you are looking for something
that supports strong authentication (e.g. Cryptocard). But these
solutions are usually a bit pricy and may be overkill for a small
company (count on $50-$100 per user).

 

-- 
CTO SANS Internet Storm Center               http://isc.sans.org
phone: (617) 786 1563            
  fax: (617) 786 1550                          jullrich at sans.org
