best authentication method?

David Collier-Brown David.Collier-Brown at canada.sun.com
Tue Sep 12 13:48:46 GMT 2000


Charles Lewis wrote:
| [...] we are trying to
| figure out what the best way to do authentication is. Currently we
| have the AIX successfully doing secure authentication
| (using pam) since that is where all staff members have
| accounts. However, we are having trouble doing domain logins
| on our Win2K machines.

	As long as you have a firewall between you and
	people snooping for passwords, you have one of 
	the best possible cases, and can get to single-signon
	by playing with the password update facility...

	However, win2k **knows** that you want to do
	things the NT way, and is going to do its best
	to make Unix servers obsolete (;-))

	I normally recommend avoiding the NT version
	of domains, and using a normal DNS domain and a
	Unix authentication server.  This will be seen
	as a workgroup in Windows parlance, but an NT
	domain is nothing but a workgroup and an NT
	authentication server... only the buzzwords
	have changed (;-))

	If you then need to authenticate users again,
	such as for a screensaver or a restricted-usage program,
	you can use normal unix library calls, which will 
	eventually make their way down to pam...

--dave (professional Unix bigot) c-b
-- 
David Collier-Brown,  | Always do right. This will gratify some people
185 Ellerslie Ave.,   | and astonish the rest.        -- Mark Twain
Willowdale, Ontario   | //www.oreilly.com/catalog/samba/author.html
Work: (905) 415-2849 Home: (416) 223-8968 Email: davecb at canada.sun.com



