[Samba] Re: Re: Single Sign On

Craig White craigwhite at azapple.com
Sun Feb 15 16:52:53 GMT 2004


On Sun, 2004-02-15 at 06:51, Jamrock wrote:
> "John H Terpstra" <jht at samba.org> wrote in message
> news:Pine.LNX.4.50.0402142327150.21157-100000 at dp.samba.org...
> >
> > >
> > > Single Sign On  (SSO) to me is a separate issue.  SSO allows you to have
> one
> > > database of usernames and passwords.  Users can access this database and
> be
> > > authenticated no matter which operating system they are using.
> >
> > Corect. That is exactly what winbind permits. The question asked
> > originally was quite valid and on target. Samba winbind permits use of the
> > Windows (NT4 style or ADS style) accounts (users and groups) for
> > UNIX/Linux system logins.
> >
> >
> > Winbind permits the use of Windows domain accounts as if they were in
> > /etc/passwd (or any other password backend).
> >
> Cool.
> 
> How does NIS replacement fit into all of this?  I have gotten the impression
> that it is a means of using LDAP for authentication instead of the
> /etc/passwd file. Chapter 6 of Jerry's book talks quite a bit about it.
> 
> Is Windbind an easier approach to SSO or the only approach?
----
The reason for winbind is when the unix accounts don't exist on the
local filesystem, it will create them - somewhat on the fly. The
repository of the account information is probably the key. If you are
using ldap, and you can 'replicate' to a slave server on the local
system running samba, that eliminates the need to use winbind. 
LDAP is really the key technology for SSO UNLESS you are trying to use
existing Windows Domain Controllers.

Craig



More information about the samba mailing list