[ale] Mixed environments, central authentication, and central user management?

Jim Kinney jim.kinney at gmail.com
Thu Oct 30 11:17:37 EDT 2014


RHEL IdM or the upstream FreeIPA solution. It can auth against AD but
handles the ID/GID, etc. for RHEL users. Uses Kerberos and LDAP.

On Thu, Oct 30, 2014 at 10:45 AM, James Sumners <james.sumners at gmail.com>
wrote:

> I administer RHEL systems in an environment that is primarily managed by a
> Windows domain. That is, Active Directory (AD) controls usernames,
> passwords, and all that jazz. I have my RHEL systems _authenticating_
> against AD but that's it. I don't pull user ids, group ids, shells, group
> memberships, or anything else out of AD. I'm at the point where I want to
> move in that direction, though. And that's where I'd like some input from
> the list...
>
> I can work with the AD administrator to get whatever attributes added that
> I need to make such a scenario work. But I wonder if that's worth it. Would
> it be better to set up a vanilla LDAP server specifically to manage the RHEL
> users? If I did that, would I be able to pass the authentication along to
> the AD server but get the details out of the LDAP server? Or should I set up
> a Kerberos server that communicates with AD in addition to the LDAP server?
>
> What are you guys' experiences in this regard? How did you solve this
> problem?
>
> --
> James Sumners
> http://james.roomfullofmirrors.com/
>
> "All governments suffer a recurring problem: Power attracts pathological
> personalities. It is not that power corrupts but that it is magnetic to the
> corruptible. Such people have a tendency to become drunk on violence, a
> condition to which they are quickly addicted."
>
> Missionaria Protectiva, Text QIV (decto)
> CH:D 59


-- 
James P. Kinney III

Every time you stop a school, you will have to build a jail. What you gain
at one end you lose at the other. It's like feeding a dog on his own tail.
It won't fatten the dog.
- Speech 11/23/1900 Mark Twain


http://heretothereideas.blogspot.com/