25 September 2006 - 11:36The Other Symas Product
We're busy deploying "the other Symas product". Like Connexitor™ Directory Services (CDS), Connexitor Naming Services (CNS) is a binary convenience distribution of PADL's pluggable authentication module (PAM) support for OpenLDAP. CNS is the other part of the puzzle for a lot of people.
CNS lets you use CDS/OpenLDAP to store passwords for Linux and UNIX (AIX, HP-UX, Solaris, etc.) systems. The login processes of those systems have been enhanced to use these pluggable authentication modules and PAM-LDAP and PAM-NSS from PADL do just that. Like CDS, the CNS packages make installing PAM support easy and eliminate the vagairies of coordinating release levels and compiling unfamiliar code from source. This makes it quite easy to centralize user identities into a CDS/OpenLDAP directory where they can be managed and monitored centrally.
Simply, install CDS and register all your users. Then install CNS on each of the systems you want to be using your CDS directory for authentication. Set up the config files. And all authentication will be done by PAM back to the CDS directory. Obviously, the systems use SSL/TLS for secure communications. Numerous authentication technologies are supported.
Sure, it's more complicated than that, but it's a lot easier than running around (even over the network) and managing user logins and checking password policy and all. Now you can do it all in/from the directory. (What, did you forget about in-directory password policy management with the Password Policy Overlay?)
No comments:
No trackbacks: