Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

[HPADM] Single password

2 views
Skip to first unread message

Bhardwaj, Manish

unread,
Jul 2, 2000, 3:00:00 AM7/2/00
to
This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.

------_=_NextPart_001_01BFE49A.E7DCFFA0
Content-Type: text/plain;
charset="iso-8859-1"

Hi Admins

I am planning to go for single password authentication over our Unix and NT
boxes. Has anyone out their have any experience.
I am thinking of Microsoft SFU ver 2.0 and I want to know if anyone has
implemented or has any information (good/bad) about this. I am using already
using samba for mounting my Unix drives on NT.
My actual requirement is I want single password for all my Unix/NT boxes for
users.


Thanking you in advance.

Manish

------_=_NextPart_001_01BFE49A.E7DCFFA0
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; =
charset=3Diso-8859-1">
<META NAME=3D"Generator" CONTENT=3D"MS Exchange Server version =
5.5.2650.12">
<TITLE>Single password</TITLE>
</HEAD>
<BODY>

<P><FONT SIZE=3D2 FACE=3D"Arial">Hi Admins</FONT>
</P>

<P><FONT SIZE=3D2 FACE=3D"Arial">I am planning to go for single =
password authentication over our Unix and NT boxes. Has anyone out =
their have any experience.</FONT></P>

<P><FONT SIZE=3D2 FACE=3D"Arial">I am thinking of Microsoft SFU ver 2.0 =
and I want to know if anyone has implemented or has any information =
(good/bad) about this. I am using already using samba for mounting my =
Unix drives on NT.</FONT></P>

<P><FONT SIZE=3D2 FACE=3D"Arial">My actual requirement is I want single =
password for all my Unix/NT boxes for users.</FONT>
</P>
<BR>

<P><FONT SIZE=3D2 FACE=3D"Arial">Thanking you in advance.</FONT>
</P>

<P><FONT SIZE=3D2 FACE=3D"Arial">Manish</FONT>
</P>

</BODY>
</HTML>
------_=_NextPart_001_01BFE49A.E7DCFFA0--


--
---> Please post QUESTIONS and SUMMARIES only!! <---
To subscribe/unsubscribe to this list, contact majo...@dutchworks.nl
Name: hpux-...@dutchworks.nl Owner: owner-hp...@dutchworks.nl

Archives: ftp.dutchworks.nl:/pub/digests/hpux-admin (FTP, browse only)
http://www.dutchworks.nl/htbin/hpsysadmin (Web, browse & search)


hys...@my-deja.com

unread,
Jul 4, 2000, 3:00:00 AM7/4/00
to
We are testing SFU 2.0 right now in hopes that it
will solve our single sign on needs as well. The
two way syncronization does work between w2k and
RedHat Linux 6.0 (haven't tested NT4). However
the implimentation will not, in its current state
work for our needs.

There is a SSOD deamon that runs on the unix side
and a service that runs on the windows side. A
password change on the NT side talks to the SSOD
on the unix side, the SSOD edits the
password/shadow file to make the change. It only
uses crypt, no MD5. Going the other way it uses
PAM, which is excellent since RedHat Linux uses
PAM. You insert a line pointing to the included
PAM module in your /etc/pam.d/passwd. Then when
you use the passwd command on the unix side the
pam library sends the cyrpt over to the daemon on
the NT side.

However, we are doing our Single Signon by using
LDAP as our central Auth mechanism, using PAM, and
nsswitch_ldap etc. The problem is that the
Microsoft tool requires the user information to be
in the password files, in both instances. You
would think that in the second instance (unix to
NT using PAM) that it would work with the PAM LDAP
sso that is being used in the pam.d/passwd entry,
however their pam library first calls a function
to see if the user exists in the password file
before allowing the change to be made. It doesn't
use the normal function call for reading the
password file, it does it itself, otherwise it
would hit nsswitch and pull it out of LDAP.

Now I have a programmer here that can add the
hooks to either do the password look ups correctly
both ways through PAM, or change the code to store
the crypt in LDAP, and source is included with the
distribution... however, the code references
librarys that are not included. The code includes
../lib which doesn't exist on the distribution
cdrom for SFU 2.0. When trying to compile you get
3des library errors. We have made some attempts
at reframing the calls to use a standard DES
library distribution, but have been unsuccessfull.

We called Microsoft about it, and they hinted that
they could allow us to talk to the programmer, but
for the cost of an incident. We thought we would
do some research before commiting to a possible
solution for a fee.

Anybody have any luck compiling the SSOD or the
PAM library or have any other information that
might be helpful?

James Janssen
jam...@apu.edu
Sr. SysAdmin
Azusa Pacific University
(Please respond to me directly as well as to the
group)


In article
<40D1CB7FA1EAD311BD610008C733141C2C8BAE@AUS-MSG-02>,
ManishB...@mynd.com (Bhardwaj, Manish)
wrote:

Sent via Deja.com http://www.deja.com/
Before you buy.

hys...@my-deja.com

unread,
Jul 4, 2000, 3:00:00 AM7/4/00
to
0 new messages