Directory for user authentication?

Rich Braun richb at pioneer.ci.net
Thu Nov 27 14:04:14 EST 2003


I haven't seen much discussion of this topic here, but I'd love to share info
about setting up single sign-on capability for a small company.  Today the
company lives with a less-than-acceptable solution:  files are read/write to
anyone (the equivalent of handing root out to the whole staff), and various
apps that require usernames are configured separately with no attempt to
synchronize passwords.

I proposed using Samba as the authenticator because I know how it works, and
can get it tied in with NIS.  But the world's gone Microsoft so that may not
be the best solution (Microsoft has various annoying client-license
restrictions which prevent Samba from being what I want it to be).

I want to present the company with a single application that can authenticate
from a master user list the following apps:

 sshd
 imapd
 Windows login
 smb shares
 MySQL
 bugzilla
 cvs
 Apache httpd (in lieu of those annoying .htpasswd files)

Someone at the company suggested LDAP, which is currently in place for only
one app (imapd).  Where should I begin to learn about Unix PAM, LDAP, and
Micro$oft directory services?  Is the state of the art in this technology just
as much of a mess as it was when we contemplated this at ShoreNet 3 or 4 years
ago?  Is this a 6-month ordeal, or can it be done in a matter of a week of
downloading/rebuilding apps?

-rich



