
Re: SUSE Linux Simplifies Interaction with Active Directory

Roy Schestowitz wrote:
> Can Linux Desktops Live in an Active Directory World?
>
> ,----[ Quote ]
> | Here's the short list of what they made accomplished, all with no
> | configuration changes required to the Active Directory system:
> |
> |     * Linux desktops can join Active Directory, becoming actual
> | objects within an Active Directory domain (as workstation objects)


Gee, let's see.  Novell created NetWare Directory Services, which
featured LDAP as a foundation system.  It made navigating through an
LDAP hierarchy seem trivial.

Microsoft decided that they would implement LDAP, so that they could be
part of the "single sign-on" solutions offered by other vendors.  Then
they decided to get nasty and insist that WINDOWS be the master LDAP
server.  To make sure that Windows clients wouldn't be supported by
other systems, Microsoft added new "required" fields to Kerberos, which
they refused to document.  It turned out that one of the new fields was
a UUID, which allowed Microsoft to identify any Active Directory user.


There may also be a back-door to enable the access to the LDAP content
itself.  It's possible that this was Microsoft's way of making sure
that a PC user couldn't "spoof" the Kerberos and LDAP servers.

Keep in mind that Linux was so good at WNS, that it could "take over".

> |     * Users can authenticate using their Active Directory credentials

Again, this probably goes back to the fact that Novell NDS was
retrofitted to work with Active Directory.  In addition, LDAP Clients
don't HAVE to provide the credential, it's the server that has to
provide the undocumented response.


> |     * Proper interfaces present to the user according to Active Directory
> | password policy (such as password has expired, do you want to change, and
> | failed attempt due to login time restrictions)

This would be enforced by LDAP.

> |     * Account credentials are securely cached for offline use (a
> | requirement for mobile users)

This is certainly nice to have, but it can create a security risk.

> |     * Active Directory-based single sign-on works (Kerberos tickets
> | are requested, renewed and refreshed automatically)
> `----

It sure looks like Novell has Microsoft desktops clearly in their
sights.  Even if the machines are sold with Windows, Novell is clearly
ready to do whatever it takes to make it as easy as possible for up to 1
billion people to install Linux on their machines with minimal training
or effort.

> http://reverendted.wordpress.com/2006/09/12/linux-goes-mad/
>
> They applied the same type of simplifications to Compiz/XGL.
>
> http://reverendted.wordpress.com/2006/07/02/its-not-xglits-desktop-effects/

