Old 11-01-2008, 10:44 AM   #1
mp1smw
LQ Newbie
SSH authentication using existing AD tokens


Hi, this question is primarily about integration of authentication with Active Directory, but I want to go past the standard username/password access. On my Windows domain I log in and am given a token (or something similar) which is accepted by all network resources such as proxies and file shares etc. What I want to be able to do is have the same seamless authentication on a Linux box (SUSE or Redhat Enterprise) and not have to enter my uname/pass again (as the simple LDAP scheme usually requires). In fact, really I want this to happen for ssh access, for reasons I will bore you with if required, and I have not seen this done anywhere.
Any ideas out there?

Steve
 
Old 11-01-2008, 11:17 AM   #2
jschiwal
Moderator
You could use public key authentication instead. However, your private key should be protected (on the client) with a passphrase, which means typing in the passphrase at least once. If you use public key authentication, and ssh-agent & ssh-add on the client, you only need to enter the passphrase once on the client. The passphrase or decrypted private key shouldn't exist anywhere but in your head.

---
Using username/password challenge authentication is not as secure, but if that is what you want to do, look at enabling PAM authentication. AFAIK, if both the client and server use AD/LDAP authentication then the ChallengeResponse ssh authentication will look to PAM to OK the login. Some distros like SuSE have a wizard in the Users & Groups setup to set this up for you.
Also, enter the terms "linux pam ldap ssh sso" into Google. You will come up with a number of howto pages.

---

I wouldn't recommend this however. Using password authentication allows brute force attacks. Using public key authentication without a passphrase-protected private key is dangerous if the private key is stolen. (This happened to Red Hat recently.)
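
The post above warns about private keys stored without a passphrase. As an added example (not part of the original post), this Python check reads a private key's format header and reports whether the key is encrypted at rest; the function names are hypothetical and the sample keys are constructed, header-only stand-ins rather than real key material.

```python
import base64
import struct

OPENSSH_MAGIC = b"openssh-key-v1\x00"


def _ssh_string(data):
    """Encode bytes as an SSH wire string: uint32 big-endian length + data."""
    return struct.pack(">I", len(data)) + data


def is_passphrase_protected(key_text):
    """True if the private key is encrypted at rest, False if stored in the clear."""
    lines = [ln.strip() for ln in key_text.strip().splitlines()]
    if not lines or not lines[0].startswith("-----BEGIN "):
        raise ValueError("not a PEM-armoured private key")
    label = lines[0][len("-----BEGIN "):].rstrip("-").strip()
    if label == "ENCRYPTED PRIVATE KEY":       # PKCS#8 encrypted form
        return True
    if label == "OPENSSH PRIVATE KEY":         # openssh-key-v1 container
        blob = base64.b64decode("".join(lines[1:-1]))
        if not blob.startswith(OPENSSH_MAGIC):
            raise ValueError("bad openssh-key-v1 magic")
        off = len(OPENSSH_MAGIC)
        (n,) = struct.unpack_from(">I", blob, off)  # first field: cipher name
        return blob[off + 4:off + 4 + n] != b"none"
    if label.endswith("PRIVATE KEY"):          # legacy RSA/DSA/EC PEM, plain PKCS#8
        return any(ln.startswith("Proc-Type:") and "ENCRYPTED" in ln for ln in lines[1:])
    raise ValueError("unrecognised key type: " + label)


def constructed_openssh_key(cipher, kdf):
    """Constructed sample: container header fields only, not a usable key."""
    blob = OPENSSH_MAGIC + _ssh_string(cipher) + _ssh_string(kdf)
    blob += _ssh_string(b"") + struct.pack(">I", 0)  # empty KDF options, zero keys
    body = base64.b64encode(blob).decode()
    return "-----BEGIN OPENSSH PRIVATE KEY-----\n" + body + "\n-----END OPENSSH PRIVATE KEY-----\n"


# Constructed legacy-format samples (bodies are filler, not key material).
LEGACY_CLEAR = "-----BEGIN RSA PRIVATE KEY-----\nQUJD\n-----END RSA PRIVATE KEY-----\n"
LEGACY_ENCRYPTED = ("-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
                    "DEK-Info: AES-128-CBC,00000000000000000000000000000000\n\nQUJD\n"
                    "-----END RSA PRIVATE KEY-----\n")

if __name__ == "__main__":
    for name, text in [("legacy/clear", LEGACY_CLEAR), ("legacy/encrypted", LEGACY_ENCRYPTED)]:
        print(name, "protected" if is_passphrase_protected(text) else "NO PASSPHRASE")
```

To audit real files, pass the contents of each private key under `~/.ssh` to `is_passphrase_protected` and flag any that return `False`.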
 
Old 11-02-2008, 07:43 AM   #3
mp1smw
LQ Newbie
Original Poster
Thanks for the quick response. It looks like there is some stuff out there I might be able to use; the main tip was searching for SSO in addition to the other words which I had already done.
I guess it will take me another couple of weeks to evaluate and test the many results available, but at least I now have a foot in the door.
If I manage to produce a concise set of instructions for achieving this I will add them to this thread.
Thanks,

Steve