centralized, multi-OS authentication ?



E-Double
07-09-2005, 11:53 PM
in a mixed environment with mainframes, unix/linux, windows, etc... is there
some way to have a centralized authentication server or service that users
can authenticate to once ( kerberos ? ldap ? ) and then pass the
authentication on to all of the other hosts in the mixed environment ? not
sure what the best way to go about this is, but when passwords expire on each
host every 90 days its a nightmare to sync all of the new passwords on all of
the different machines. tia for any help or guidance on this one ...

Matt Gibson
07-09-2005, 11:53 PM
Google "Radius"

Matt Gibson - GSEC

"E-Double" <EDouble@discussions.microsoft.com> wrote in message
news:441F97D6-6D2F-4F75-9E14-7DB75638CE53@microsoft.com...
> in a mixed environment with mainframes, unix/linux, windows, etc... is
> there
> some way to have a centralized authentication server or service that users
> can authenticate to once ( kerberos ? ldap ? ) and then pass the
> authentication on to all of the other hosts in the mixed environment ? not
> sure what the best way to go about this is, but when passwords expire on
> each
> host every 90 days its a nightmare to sync all of the new passwords on all
> of
> the different machines. tia for any help or guidance on this one ...

E-Double
07-09-2005, 11:53 PM
will radius work well in an internal LAN environment ? MS apparently has
their IAS (radius) server, but it says that it will only support up to 50
clients.



"Matt Gibson" wrote:

> Google "Radius"
>
> Matt Gibson - GSEC
>
> "E-Double" <EDouble@discussions.microsoft.com> wrote in message
> news:441F97D6-6D2F-4F75-9E14-7DB75638CE53@microsoft.com...
> > in a mixed environment with mainframes, unix/linux, windows, etc... is
> > there
> > some way to have a centralized authentication server or service that users
> > can authenticate to once ( kerberos ? ldap ? ) and then pass the
> > authentication on to all of the other hosts in the mixed environment ? not
> > sure what the best way to go about this is, but when passwords expire on
> > each
> > host every 90 days its a nightmare to sync all of the new passwords on all
> > of
> > the different machines. tia for any help or guidance on this one ...
>
>
>

Matt Gibson
07-09-2005, 11:53 PM
Radius can work wherever you want it to. While MS has its own Radius, I'd
look at another implementation. Try Steel Belted Radius.

Matt Gibson - GSEC

Roger Abell
07-09-2005, 11:53 PM
What you are looking for is an identity management system.
The offering from Microsoft is MIIS and it can do all that
you have mentioned (as it was designed to handle enterprise
provisioning/deprovisioning across disparate systems,
password sync, etc.)
http://microsoft.com/miis
--
Roger Abell
Microsoft MVP (Windows Security)

"E-Double" <EDouble@discussions.microsoft.com> wrote in message
news:441F97D6-6D2F-4F75-9E14-7DB75638CE53@microsoft.com...
> in a mixed environment with mainframes, unix/linux, windows, etc... is
there
> some way to have a centralized authentication server or service that users
> can authenticate to once ( kerberos ? ldap ? ) and then pass the
> authentication on to all of the other hosts in the mixed environment ? not
> sure what the best way to go about this is, but when passwords expire on
each
> host every 90 days its a nightmare to sync all of the new passwords on all
of
> the different machines. tia for any help or guidance on this one ...


centralized, multi-OS authentication ?