Distribution: Centos 5.8, 6.5 Linux Mint 13 & 16, OpenSuse 12
Posts: 112
Single Sign in Facility
Dear All,
I have to deploy a single sign in facility in my organisation. Every user who is working in the organisation will be able to access internet, web server, mail server, gate entry (Biometric System), wiki, and Desktop login by giving his username and password. In this way the management and security are managed in a better way.
This isn't something I've ever had to engage in, but based upon what I've seen in existing installations, you might want to start by looking at using Kerberos + LDAP. If you have Windows hosts in the mix, you will probably want to include Samba.
Yes, you need to configure an LDAP + Kerberos solution. For a quick start FreeIPA is a good way, else you can build it from scratch, meaning by installing the packages and configuring them on your own.
Original Poster
Quote:
Originally Posted by em31amit
Yes, you need to configure an LDAP + Kerberos solution. For a quick start FreeIPA is a good way, else you can build it from scratch, meaning by installing the packages and configuring them on your own.
Thanks for the reply. I have a mixed desktop environment (Windows + Linux). Is there any dedicated how-to for FreeIPA setup on Ubuntu?
Original Poster
Quote:
Originally Posted by em31amit
Yes, you need to configure an LDAP + Kerberos solution. For a quick start FreeIPA is a good way, else you can build it from scratch, meaning by installing the packages and configuring them on your own.
Thanks for replying. I have to implement a single sign in facility in an MS Windows and Linux environment. Is there any specific, straightforward how-to for deploying FreeIPA on Ubuntu LTS?
Oh, you need it for Ubuntu. I think it is not available for Ubuntu as a server. The FreeIPA project was started by Red Hat, so it is a little specific to RPM-based distros.
Thanks for replying. I have to implement a single sign in facility in an MS Windows and Linux environment. Is there any specific, straightforward how to....
Thanks, I hope that you are suggesting these URLs to me after they have been well tested by the Ubuntu community.
I can't make you any guarantees about wiki or other community information. I am reasonably certain that Samba+Kerberos+LDAP is the answer to your situation, but it goes way beyond a how-to that can be given to you in a forum, as it is a complex process involving many layers of software and configuration. This is something that you are going to have to research, learn, and understand BEFORE you begin this process. If you try to rely on a step-by-step how-to or other cookbook-like documentation for this process, you will most likely fail. Hopefully the links that I provided will enable you to get started on the learning process by pointing you in the right direction.
In any case, at this point you know the concepts of what you must technically do, and you know that Linux can do it. You've also been pointed to in-depth documentation resources. To proceed from this point, you'll need to work closely with your colleagues on the Windows side. You don't have to write anything; don't have to invent anything. You do have to learn how to set it up correctly for your shop. (And if you notice my hands waving in the air right now, you're right ...)
Microsoft's "Active Directory™" is LDAP by any other name. (Almost. "Of course... it's Microsoft.") Kerberos is another, slightly older albeit more security-conscious, standard. Both of these provide the means for a central authority to set up rules that everyone else can query through a consistent interface. They've also thought out what to do when a computer is off-line to the authority, and they've also thought out how the authority is distributed among multiple computers.