RE: [ActiveDir] Integrating UNIX accounts with AD via Kerberos & LDAP

[joe]

Title: Message

Hmmm did you do a reply instead of a forward?   Did Matt agree with your answers?   ------------- http://www.joeware.net   (download joeware) http://www.cafeshops.com/joewarenet  (wear joeware)       From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Eyes Sent: Monday, March 22, 2004 11:50 AM To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Integrating UNIX accounts with AD via Kerberos & LDAP Matt,   See, I got takers   My answer to 1 is : cross AD domain seamlessly -- cross Kerb domain, no (further our discussion last week).   2: Can I say this behavior is per microsoft clients -- I guess this is something vascd would take care of?   dme     -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Sunday, March 21, 2004 1:53 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Integrating UNIX accounts with AD via Kerberos & LDAP Hey cool. Actually I believe someone from your company is flying out to chat with some folks at the company I contract for (no need to mention the company as I am not really allowed to) the first week of April. I won't be around as I will be in Redmond that week which sucks as I wanted to see your presentation.   My biggest questions which possibly you can tackle right now are:   1. Does VAS handle cross realm seamlessly? I.E. I have a machine that is in domain D1 and a user in domain D1 and it works fine but then his buddy walks up and needs to log on and do something and tries to log into domain D2. Does it work? Our UNIX Kerberos folks current setup will not work in that situation.   2. How does VAS handle kerberos ticket expiration, does it autorenew in the background like Microsoft clients do? That is a serious concern as we have machines running jobs that can take 2-3 weeks to complete and obviously if they get a ticket the beginning, 10 hours later (assuming defaults) the ticket isn't helping them anymore unless they keep renewing and then get new tickets when the ticket can no longer be renewed.       ------------- http://www.joeware.net   (download joeware) http://www.cafeshops.com/joewarenet  (wear joeware)       From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Eyes Sent: Saturday, March 20, 2004 11:05 PM To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Integrating UNIX accounts with AD via Kerberos & LDAP Joe,   If you (or others here) are interested in following up with me here at Vintela, I would be happy to try and put you in touch directly with some of our customers.  Please contact me offline.   David Eyes VAS Product Mangement Vintela, Inc.   -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Monday, March 08, 2004 10:16 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Integrating UNIX accounts with AD via Kerberos & LDAP Yeah I was looking this over the other day...   Has anyone been using the VAS product that is described. I would be curious to hear RW experiences.   Our UNIX Kerberos integration folks have been fighting with multirealm issues and cert expiration with chatter about possibly having us extend the expiration on certs where I would be more inclined to shorten the expiration for security reasons [1]. MS really did some good things with kerberos in these areas and it seems MIT isn't really looking at making their version any more friendly to give similar functionality (auto renew, realistic cross-realm) as the MS stuff has built in.       joe       [1] Like for having tickets get reverified more often in case of disabled accounts, etc.   ------------- http://www.joeware.net   (download joeware) http://www.cafeshops.com/joewarenet  (wear joeware)       From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, Al Sent: Wednesday, March 03, 2004 3:29 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Integrating UNIX accounts with AD via Kerberos & LDAP Incredible timing Jackson.  Thanks for the guide!   Al From: Jackson Shaw [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 03, 2004 3:13 PM To: [EMAIL PROTECTED] Subject: [ActiveDir] Integrating UNIX accounts with AD via Kerberos & LDAP I thought the list might be interested in the following:   The Microsoft Solutions for UNIX Team has released some new guidance that will help you get integrate UNIX accounts with Active Directory.  This is a new solution that covers building security and directory solutions for UNIX using the Windows Server 2003 Active Directory Kerberos and LDAP Services.    Overview   This guide provides prescriptive guidance to enable Microsoft® Windows Server(tm) 2003 to be used for authentication and as an identity and authorization data store within heterogeneous Microsoft Windows® and UNIX environments. The guidance covers evaluating, planning, building, and deploying a security and directory infrastructure based on Windows Server 2003. The guidance will be valuable for business and technical decision makers, IT architects, and systems administrators participating in infrastructure consolidation or integration projects.   http://www.microsoft.com/downloads/details.aspx?FamilyId=144F7B82-65CF-4105-B60C-44515299797D&displaylang=en   Cheers,   Jackson