Novell LINUX ENTERPRISE DESKTOP 10 SP2 - DEPLOYMENT GUIDE 08-05-2008 Deployment Manual page 322


Kerberos
Kerberos is a trusted third-party authentication service. All its clients trust Kerberos's
judgment of another client's identity, enabling kerberized single-sign-on (SSO)
solutions. Windows supports a Kerberos implementation, making Kerberos SSO
possible even with Linux clients. To learn more about Kerberos in Linux, refer to
Chapter 41, Network Authentication—Kerberos (page 749).
The following client components process account and authentication data:
Winbind
The central part of this solution is the winbind daemon, which is part of the
Samba project and handles all communication with the AD server.
NSS (Name Service Switch)
NSS routines provide name service information. Naming service for both users
and groups is provided by nss_winbind. This module directly interacts with
the winbind daemon.
PAM (Pluggable Authentication Modules)
User authentication for AD users is done by the pam_winbind module. The
creation of user homes for the AD users on the Linux client is handled by
pam_mkhomedir. The pam_winbind module directly interacts with winbindd. To
learn more about PAM in general, refer to Chapter 24, Authentication with PAM
(page 495).
Applications that are PAM-aware, like the login routines and the GNOME and KDE
display managers, interact with the PAM and NSS layer to authenticate against the
Windows server. Applications supporting Kerberos authentication, such as file managers,
Web browsers, or e-mail clients, use the Kerberos credential cache to access the user's
Kerberos tickets, making them part of the SSO framework.
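
The following shell functions are an added example, not part of the deployment guide: they check that a client's NSS and PAM configuration actually references the three winbind components listed above. The function names are hypothetical, the file paths are passed as arguments, and the sample files are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: audit the winbind wiring (NSS + PAM) on a client.
# Paths are arguments; the sample files below are constructed, not from the guide.

# active_lines FILE: print FILE without comments or blank lines
active_lines() { sed -e 's/#.*//' -e '/^[[:space:]]*$/d' "$1"; }

# nss_uses_winbind FILE DB: succeed if database DB (passwd, group) lists winbind
nss_uses_winbind() {
    active_lines "$1" | awk -v db="$2:" '
        $1 == db { for (i = 2; i <= NF; i++) if ($i == "winbind") ok = 1 }
        END { exit !ok }'
}

# pam_loads FILE TYPE MODULE: succeed if an active TYPE line loads MODULE.
# A leading "-" on the type and a directory prefix on the module are tolerated.
pam_loads() {
    active_lines "$1" | awk -v t="$2" -v m="$3" '
        { type = $1; sub(/^-/, "", type) }
        type == t { for (i = 3; i <= NF; i++) { n = $i; sub(/.*\//, "", n); if (n == m) ok = 1 } }
        END { exit !ok }'
}

# audit_ad_client NSSWITCH PAM_AUTH PAM_SESSION: print findings, return their count
audit_ad_client() {
    missing=0
    for db in passwd group; do
        nss_uses_winbind "$1" "$db" ||
            { echo "NSS: '$db' does not consult winbind"; missing=$((missing + 1)); }
    done
    pam_loads "$2" auth pam_winbind.so ||
        { echo "PAM: no auth line loads pam_winbind.so"; missing=$((missing + 1)); }
    pam_loads "$3" session pam_mkhomedir.so ||
        { echo "PAM: no session line loads pam_mkhomedir.so"; missing=$((missing + 1)); }
    return "$missing"
}

# Constructed sample: group lookup and home-directory creation are left unwired.
demo=$(mktemp -d)
printf 'passwd: compat winbind\ngroup:  compat  # winbind\n' > "$demo/nsswitch.conf"
printf 'auth required pam_env.so\nauth sufficient pam_winbind.so\n' > "$demo/auth"
printf 'session required pam_unix2.so\n#session required pam_mkhomedir.so\n' > "$demo/session"
audit_ad_client "$demo/nsswitch.conf" "$demo/auth" "$demo/session" || echo "findings: $?"
rm -rf "$demo"
```

On a real client the arguments would be /etc/nsswitch.conf and the relevant PAM service files under /etc/pam.d.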
12.2.1 Domain Join
During domain join, the server and the client establish a secure relation. On the client,
the following tasks need to be performed to join the existing LDAP and Kerberos SSO
environment provided by the Windows domain controller. The entire join process is
handled by the YaST Domain Membership module that can be run during installation
or in the installed system: