Boston Linux & Unix (BLU) Home | Calendar | Mail Lists | List Archives | Desktop SIG | Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings
Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU

BLU Discuss list archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Directory for user authentication?

> Someone at the company suggested LDAP, which is currently in place for only
> one app (imapd).  Where should I begin to learn about Unix PAM, LDAP, and
> Micro$oft directory services? 

LDAP is a good start. For the Linux part, a lot of the integration can
be done using the pam ldap module. The Linux software you mention
(openssh, imap, pop, samba) should be able to use pam for

There are replacements for the Windows 2k authentication that will work
with Linux LDAP servers ( I think).

I think recent versions of Samba make a decent domain controller. There
have been some limitations (e.g. interactions with Exchange servers...
) this may be fixed in more recent versions, or it may not matter to

A couple other systems to consider for single signon are Radius and
Kerberos. Radius is nice in particular if you are looking for something
that supports strong authentication (e.g. Cryptocard). But these
solutions are usually a bit pricy and may be overkill for a small
company (count on $50-$100 per user).


CTO SANS Internet Storm Center     
phone: (617) 786 1563            
  fax: (617) 786 1550                          jullrich at

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <>

BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!

Boston Linux & Unix /