Novell LINUX ENTERPRISE DESKTOP 11 - SECURITY GUIDE 17-03-2009 Manual page 63
Hide thumbs
Also See for LINUX ENTERPRISE DESKTOP 11 - SECURITY GUIDE 17-03-2009:
- Administration manual (338 pages) ,
- Deployment manual (246 pages) ,
- Application manual (364 pages)
Table of Contents
Advertisement
1 The Windows domain controller providing both LDAP and KDC (Key Distribu-
tion Center) services is located.
2 A machine account for the joining client is created in the directory service.
3 An initial ticket granting ticket (TGT) is obtained for the client and stored in its
local Kerberos credential cache. The client needs this TGT to get further tickets
allowing it to contact other services, like contacting the directory server for LDAP
queries.
4 NSS and PAM configurations are adjusted to enable the client to authenticate
against the domain controller.
During client boot, the winbind daemon is started and retrieves the initial Kerberos
ticket for the machine account. winbindd automatically refreshes the machine's ticket
to keep it valid. To keep track of the current account policies, winbindd periodically
queries the domain controller.
5.2.2 Domain Login and User Homes
The login managers of GNOME and KDE (GDM and KDM) have been extended to
allow the handling of AD domain login. Users can choose to log in to the primary domain
the machine has joined or to one of the trusted domains with which the domain controller
of the primary domain has established a trust relationship.
User authentication is mediated by a number of PAM modules as described in
tion 5.2, "Background Information for Linux AD Support"
_winbind module used to authenticate clients against Active Directory or NT4 domains
is fully aware of Windows error conditions that might prohibit a user's login. The
Windows error codes are translated into appropriate user-readable error messages that
PAM gives at login through any of the supported methods (GDM, KDM, console, and
SSH):
Password has expired
The user sees a message stating that the password has expired and needs to be
changed. The system prompts directly for a new password and informs the user if
the new password does not comply with corporate password policies, for example,
the password is too short, too simple, or already in the history. If a user's password
change fails, the reason is shown and a new password prompt is given.
Sec-
(page 48). The pam
Active Directory Support
51
Advertisement
Table of Contents
Related Manuals for Novell LINUX ENTERPRISE DESKTOP 11 - SECURITY GUIDE 17-03-2009
Related Products for Novell LINUX ENTERPRISE DESKTOP 11 - SECURITY GUIDE 17-03-2009
- NOVELL EDIRECTORY 8.8 SP2 - GUIDE 10-2007
- NOVELL EDIRECTORY 8.8 SP5 - GUIDE 12-2009
- NOVELL IDENTITY MANAGER 3.6.1 - WORKORDER DRIVER IMPLEMENTATION GUIDE 18-12-2009
- NOVELL LINUX ENTERPRISE 11 - SUBSCRIPTION MANAGEMENT TOOL GUIDE 10-02-2009
- NOVELL OPEN ENTERPRISE SERVER - CONVERSION GUIDE 12-2010
- NOVELL OPEN ENTERPRISE SERVER 2 SP2 - PLANING AND IMPLEMENTATION GUIDE 11-10-2009
- NOVELL PLATESPIN ORCHESTRATE 2.0.2 - UPGARDE GUIDE 10-09-2009
- NOVELL PLATESPIN ORCHESTRATE 2.0.2 - VIRTUAL MACHINE MANAGEMENT GUIDE 10-17-2009
- NOVELL PRODUCT NAME 10.3 - DEPLOYING ZENWORKS ON CITRIX SERVER BEST PRACTICES GUIDE 12-13-2010
- NOVELL SERVER CONSOLIDATION MIGRATION TOOLKIT 1.1 - ADMINISTRATION GUIDE 12-23-2005
- NOVELL ZENWORKS APPLICATION VIRTUALIZATION 8.0.2 - INTEGRATION AND STREAMING GUIDE 11-2010
- NOVELL ACCESS MANAGER 3.1 SP1 - SSL VPN SERVER GUIDE 03-17-2010
- NOVELL CUSTOMER CENTER 2.3 - GUIDE 4-8-2009
- NOVELL IFOLDER 3.X - SECURITY ADMINISTRATOR GUIDE 08-15-2006
- NOVELL LINUX ENTERPRISE SERVER 10 - START-UP GUIDE 06-12-2006
- NOVELL LINUX ENTERPRISE SERVER 10 SP2 - STORAGE ADMINISTRATION GUIDE 05-15-2009