NT Domain logon

Nathan Neulinger nneul at umr.edu
Fri Oct 31 14:15:02 GMT 1997


On Fri, Oct 31, 1997 at 12:08:57PM +0000, Luke Kenneth Casson Leighton wrote:
> On Thu, 30 Oct 1997, Nathan Neulinger wrote:
> 
> > > you'll need to do encrypted passwords for your users.  what version of 
> > > unix are you using?  have you looked into PAMs?  (plug-in authentication 
> > > modules)
> > 
> > The problem is, we'll never have cleartext passwords for the user. 
> > Maintaining a separate password database is unacceptable. If we wanted to 
> > do that, we'd just run NT server.
> > 
> > I'm semi familiar with PAM, but am not sure how they apply to this 
> > situation other than for checking that a given cleartext password is 
> > correct for a particular userid.
> 
> (run two simultaneous PAMs: one kerberos-pam, the other an ntdom-pam.  i 
> think that's the way it works.  each pam will be simultaneously 
> maintaining password databases.  each time the user changes their 
> password, both databases will be updated).
> 
> 
> hang about... could you possibly describe your setup a little more to me, 
> so i can think about this?

Not all of the O/S's we use will support that. We could replace 
/bin/login on all of them... ick. 

Plus, we have over two hundred workstations, mostly HP's. 

If we do something like that, we'll most likely implement a central 
password server of our own design (probably on a linux box) that would 
receive requests to update a password on all services - including Novell, 
NT, AFS, DCE, etc.

-- Nathan

------------------------------------------------------------
Nathan Neulinger                  Univ. of Missouri - Rolla
EMail: nneul at umr.edu                    Computer Center
WWW: http://www.umr.edu/~nneul      SysAdmin: rollanet.org

