[MAD-SAGE] Options for centralized password database in heterogeneous environment?


Date: Fri, 29 Oct 2004 13:12:21 -0500
From: johns@xxxxxxxxxxxxx (Stewart, John)
Subject: [MAD-SAGE] Options for centralized password database in heterogeneous environment?
We've got a bunch of PCs (NT4, 2000, XP) on an NT4 domain (likely to be
Active Directory at some point soon), some UNIX boxes (Solaris 2.6-9,
Linux), and various other machines and services that each have their own
unique user databases.

We'd really like to centralize all of this as much as we can. We'd also like
to be able to enforce regular password changes (I'm fighting for 180 days,
the Sarbanes-Oxley auditors may force us to go to something much less - no
one seems to appreciate the sticky-note-on-monitor problem), as well as
enforcing "good" passwords, and preventing the re-use of old passwords. Some
systems have the ability to do some of this individually (NT, UNIX), but
some have no option at all for enforcing changes.

This all points us towards trying to build something centrally to
authenticate; we'd love it if we could authenticate as much as possible in
one place - NT domain, Solaris, Linux, Oracle Applications (ERP), VPN,
dialin, internal web server, etc...

I'm having a hard time googling for good resources on the options
available.

I know when I last worked for the CSL (nearly a *decade* ago... holy crap!),
Kerberos was fairly newly implemented. Perhaps this is an option (but I recall
it being somewhat painful to implement at the time, and I'm not sure how
well it can integrate into all of the various systems we've got).

RADIUS, LDAP, Kerberos, etc... surely there is a best-practices guide
somewhere on what we can do. 

Any suggestions?

thanks!

johnS
