Part III. Centralized Authentication Tools

Networks with many computers frequently set aside one system as an authentication server—a computer that authenticates users for the benefit of other computers. This practice can greatly simplify account maintenance, because you need to maintain only one set of user accounts rather than separate accounts on each computer. Centralizing authentication is more complex on a multi-OS network than in a single-OS environment, though, because different OSs support different protocols for performing these tasks. This part of the book looks at three protocols that can be used in a mixed Windows/Linux environment: Chapter 7 describes using an NT domain controller, Chapter 8 describes using the Lightweight Directory Access Protocol (LDAP), and Chapter 9 describes using Kerberos. Chapter 7 emphasizes Linux configuration as an authentication client; the Linux server and Windows client sides are covered in Chapter 5. Chapter 8 and Chapter 9 describe both client and server configuration for Linux and client configuration for Windows.

Which tool should you use? All can do the job, but each has its strengths and weaknesses. Broadly speaking, using an NT domain controller works well when you have an existing NT domain controller for file share access and want to apply this existing account database to other purposes. LDAP provides the best support for Linux account data and can also work well with Windows 200x/XP systems, but it doesn’t support Windows 9x/Me very well. Kerberos ...
