"I would like to set up Linux to use a Single Sign-On authentication process for all areas where authentication is used. I do not want to maintain 2+ user and password databases for my authentication."
Single sign on means that you maintain a password database that grants access to applications/processes that the single sign on is privileged to access.
If you don't want to maintain the database, then you can't do single sign on for very long. If you were to maintain the database/server then you would be using LDAP as an authentication point. If you are in a Windows environment, you would set up Samba/LDAP authentication to the PDC (your Linux box).
Samba/CIFS is the LAN protocol used for filesharing with Windows machines. LDAP is what controls access privileges similar to Active Directory for Windows. Apache is what serves web pages. Squid is what caches web pages to conserve bandwidth and filter content. The only relation between them would be Webmin administration. Other than that, they have nothing to do with each other.
Ok. Would I still need to create two users when I create a user for Samba?
This is what I want to prevent. I want to create one user and password that will be able to access my Linux server, connect to my Samba shares, use my Squid authentication onto the internet and authenticate to Apache for access to certain web content in a local intranet web site.
I need to create one user account per user in the company.
You can use PAM, which is the standard Linux MD5 shadow password file. Just adduser MonkeyHo.
Samba can use PAM to authenticate users. You can set the same username and password for squid authentication if you wish.
Squid can also use PAM, but you would need to configure the proxy port number for each station. Unless you don't bother with authentication and do transparent Squid proxy caching (it doesn't hurt anything to cache). Squid routing is controlled by routing ipness, not by a login name. You have to specify which class C or IP gets to have the internet by IP only.
And if you want to authenticate to a web page, you can surely do that, again with PAM. I don't know why you would want to do that, but that's your business.
And so, you can have your user log in to a web page/Samba/PAM with the same password, as they all use PAM. The routing of internet web pages is not, though, controlled by login, but by location (IP). The iptables/shorewall configuration on your proxy server/firewall cannot be dynamically configured depending on who logs into a client box that has nothing to do with it. That's not what proxy servers do.
You can set up rules for authentication to proxy, but that again is done by location since you have to type the l/p into every browser you want to give access to. And so it's a moot issue since you can just block their IP or Class.
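An added example, not written by anyone in this thread: a small audit that reads Samba, Squid and Apache configuration text and reports which services still keep their own password database instead of delegating to PAM. The sample fragments and file paths are constructed, and the Apache check assumes the mod_authnz_pam module.

```python
import re

# Directive that hands password checking to PAM, one pattern per service.
PAM_RULES = {
    # smb.conf: Samba ignores PAM for passwords unless encryption is off.
    "samba": r"^\s*encrypt passwords\s*=\s*(no|false|0)\s*$",
    # squid.conf: the basic-auth helper is the PAM one (pam_auth/basic_pam_auth).
    "squid": r"^\s*auth_param\s+basic\s+program\s+\S*pam_auth\b",
    # Apache (assumes mod_authnz_pam): the basic-auth provider is PAM.
    "apache": r"^\s*AuthBasicProvider\s+PAM\b",
}

# Constructed sample configuration fragments, not taken from the thread.
SAMPLE = {
    "samba": "[global]\n security = user\n"
             "; encrypt passwords = no\n encrypt passwords = yes\n",
    "squid": "auth_param basic program /usr/lib/squid/basic_pam_auth\n"
             "acl authed proxy_auth REQUIRED\nhttp_access allow authed\n",
    "apache": "AuthType Basic\nAuthBasicProvider file\n"
              "AuthUserFile /etc/httpd/htpasswd\nRequire valid-user\n",
}


def strip_comments(text):
    """Drop '#' and ';' comment lines so commented-out directives do not count."""
    return "\n".join(
        line for line in text.splitlines()
        if not line.lstrip().startswith(("#", ";"))
    )


def uses_pam(service, text):
    """True when the service's active configuration delegates passwords to PAM."""
    pattern = PAM_RULES[service]
    return re.search(pattern, strip_comments(text), re.I | re.M) is not None


def separate_stores(configs):
    """Return the services that still need their own user/password database."""
    return sorted(name for name, text in configs.items()
                  if not uses_pam(name, text))


if __name__ == "__main__":
    for name in separate_stores(SAMPLE):
        print(f"{name}: passwords are not checked through PAM")
```

In the sample, Samba is flagged because encrypted SMB passwords are checked against Samba's own password database rather than PAM, which is the "two users" situation the question asks about.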