[UFO Chicago] Central Authentication; Replacement for Windows

Brian Sobolak brian at planetshwoop.com
Mon Apr 10 08:29:08 PDT 2006


Douglas Thompson wrote:
> I'm looking for the best and most secure way to replace an existing
> Windows domain infrastructure with a Linux infrastructure.  The Linux
> solution should provide central authentication, email and global
> address book.

This is usually provided by LDAP in one form or another.  Windows' Active
Directory implements LDAP with some extensions (I believe.  I lost track
of it around Win2K.)

> This new environment will be serving Windows based
> clients, and should, if possible, implement a single sign-on
> mechanism, whereby, allowing all authentication tokens to be updated
> by changing one password.

The key is to instruct your applications to use LDAP as your
authentication source.  It should work.

> I've looked at qmail, samba and openLDAP,
> but am not sure if this is the correct method or if it will support
> all requirements.  Any ideas?

Samba and OpenLDAP are on the right track.  I think for mail, if you're
looking for single sign-on, you might want to consider IMAP packages like
Cyrus that perform authentication against LDAP.  The authentication for
qmail usually happens at a layer "above" qmail.

You can certainly build it yourself using those components.  Another
option might be to buy a Linux/Unix distribution that has it all working
for you.  Suse used to have a product that was aimed towards this type of
situation; I'm sure RedHat would as well.

(If you're willing to leave your dogma at the door, I happen to think Apple
has quite a compelling offer in this space.  Hardware is a bit more, but
imho it's worth it for most businesses.
<http://www.apple.com/server/macosx/> )

--
Brian Sobolak
http://www.planetshwoop.com/
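
Added example, not part of the original message: when an application uses LDAP as its authentication source with the usual search-then-bind pattern, it should escape the login name before placing it in a search filter (RFC 4515) and refuse empty passwords, which a directory may accept as an "unauthenticated bind" (RFC 4513, section 5.1.2). FakeDirectory, its users and passwords are constructed stand-ins for a real LDAP server, and the function names are hypothetical.

```python
import re

# RFC 4515: characters that must be escaped inside a filter assertion value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

def escape_filter_value(value):
    return "".join(_ESCAPES.get(ch, ch) for ch in value)

def user_filter(login):
    return "(uid=%s)" % escape_filter_value(login)

class FakeDirectory:
    """Constructed in-memory stand-in for an LDAP server (hypothetical)."""
    def __init__(self, users):
        self.users = users  # uid -> password, sample data only

    def search(self, ldap_filter):
        # Minimal (uid=...) matcher: a bare '*' is a wildcard, \xx is a literal.
        value = re.fullmatch(r"\(uid=(.*)\)", ldap_filter, re.S).group(1)
        parts = re.findall(r"\\[0-9a-fA-F]{2}|.", value, re.S)
        pattern = "".join(
            ".*" if p == "*"
            else re.escape(chr(int(p[1:], 16)) if len(p) == 3 else p)
            for p in parts)
        return [u for u in self.users if re.fullmatch(pattern, u, re.S)]

    def bind(self, uid, password):
        # A name with an empty password is an "unauthenticated bind";
        # this fake accepts it, as a permissively configured server would.
        return password == "" or self.users.get(uid) == password

def authenticate(directory, login, password):
    """Search for the user, then bind as that entry with the supplied password."""
    if not login or not password:
        return False  # never forward an empty password to the directory
    matches = directory.search(user_filter(login))
    if len(matches) != 1:
        return False  # zero or ambiguous results: refuse
    return directory.bind(matches[0], password)

DIRECTORY = FakeDirectory({"alice": "correct horse", "bob": "s3cret"})
```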


