As part of the effort to move to a Single Sign On (SSO) system, effectively eliminating the need for multiple computer accounts (at least in terms of passwords), all Sun servers (currently used only for the thin clients in the AP Computer Science lab) are now using an LDAP/Kerberos scheme to authenticate using Windows accounts.
POSIX attributes (uid, gid, POSIX logon username) are currently manually imported by scripts.
Software not critical to the direct functionality of authentication are not listed here.
Sun Java System Directory Server Enterprise Edition v5.2 (2005Q4)
Sun Java System Directory Server
- Sun's equivalent of slapd
- Fully integrates with nsswitch for all databases (passwd, group, auto_home, hosts, etc.)
Sun Java System Identity Synchronization for Windows
- Connects and synchronizes users from Active Directory to Sun LDAP server and maps specified attributes (currently only one-way)
- PAM module for authentication. Where possible, we use pam_krb5 from Debian's source repository instead of the stock Solaris 10 pam_krb5 since Solaris' pam_krb5 does not properly implement use_first_pass behavior.
- PAM module that can set up a PAG and run a program to get AFS tokens. This module can run either in auth or session (we prefer auth so that things that don't process PAM-session like scp will also get tokens).
|Description||Active Directory||Sun LDAP|
|Description (grad year for current students)||description||description|