NT Domain logon
Nathan Neulinger
nneul at umr.edu
Fri Oct 31 14:15:02 GMT 1997
On Fri, Oct 31, 1997 at 12:08:57PM +0000, Luke Kenneth Casson Leighton wrote:
> On Thu, 30 Oct 1997, Nathan Neulinger wrote:
>
> > > you'll need to do encrypted passwords for your users. what version of
> > > unix are you using? have you looked into PAMs? (plug-in authentication
> > > modules)
> >
> > The problem is, we'll never have cleartext passwords for the user.
> > Maintaining a separate password database is unnaceptable. If we wanted to
> > do that, we'd just run NT server.
> >
> > I'm semi familiar with PAM, but am not sure how they apply to this
> > situation other than for checking that a given cleartext password is
> > correct for a particular userid.
>
> (run two simultaneous PAMs: one kerberos-pam, the other an ntdom-pam. i
> think that's the way it works. each pam will be simultaneously
> maintaining password databases. each time the user changes their
> password, both databases will be updated).
>
>
> hang about... could you possibly describe your setup a little more to me,
> so i can think about this?
Not all of the O/S's we use will support that. We could replace
/bin/login on all of them... ick.
Plus, we have over two hundred workstations, mostly HP's.
If we do something like that, we'll most likely implement a central
password server of our own design (probably on a linux box) that would
receive requests to update a password on all services - including Novell,
NT, AFS, DCE, etc.
-- Nathan
------------------------------------------------------------
Nathan Neulinger Univ. of Missouri - Rolla
EMail: nneul at umr.edu Computer Center
WWW: http://www.umr.edu/~nneul SysAdmin: rollanet.org
More information about the samba
mailing list