Single sign-on

SSO: SambaTNG? NDS? Pam-SMB + LDAP?

You can link passwords on Linux and NT/Win2K systems together with the help of PAM SMB modules. There are also some PAM modules in existence for validating logins into Linux through various versions of Netware but normally the Netware

server has to be operating in a bindery mode. I am not sure of too many authentication modules which actually work with a NDS tree directly.

What about loading LDAP on a Netware server and then using PAM-LDAP?

Either method reduces the problem to two sources of authentication: NDS and NTLM. Adding NDS for NT should reduce that to one source: NDS.

BorderManager Authentication is a radius server for netware, it doesn't do much except for authenticate users accessing servers runing as radius clients. Typical example your cisco, & our ascend NAS

(N)etwork (A)ccess (S)erver box.. <-- btw that nas was used before network access storage>, Dean Thompson writes: >server has to be operating in a bindery mode. I am not sure of too many >authentication modules which actually work with a NDS tree directly.

NDS-AS does. Quite nicely. Does mainframes (MVS with RACF or ACF2) and several *nix flavours, too. Highly recommended.

NetWare and Linux are easy, Novell's NDS Authentication Server (NDS-AS) will do that quite nicely. Windows is harder, but can be done with the Account Management product. The version that was just recently released does MAD integration.

There is a fairly new product from Novell called Novell Single Sign-on that supposedly does exactly this.

http://www.nwconnection.com/dec.98/bmasd8/
Novell's BorderManager Authentication Service integrates Remote Authentication Dial-In User Service (RADIUS) with Novell Directory Services (NDS) to offer security and other capabilities you need to set up and manage remote access to your company's network.

Resources