Charles Lewis wrote:
[...] we are trying to
| figure out what the best way to do authentication. Currently we
| have the AIX doing successfully doing secure authentication
| (using pam) since that is where all staff members have an
| accounts. However, we are having trouble doing domain logins
| on our Win2K machines.
As long as you have a firewall between you and
people snooping for passwords, you have one of
the best possible cases, and can get to single-signon
by playing with the password update facility...
However, win2k **knows** that you want to do
things the NT way, and is going to do its best
to make Unix servers obsolete (;-))
I normally recommend avoiding the NT version
of domains, and use a normal DNS domain and a
Unix authentication server. This will be seen
as a workgroup in Windows parlance, but an NT
domain is nothing but a workgroup and an NT
authentication server... only the buzzwords
have changed (;-))
If you then need to authenticate users again,
such as for a screensaver or a restricted-usage program,
you can use normal unix library calls, which will
eventually make their way down to pam...
--dave (professional Unix bigot) c-b
--
David Collier-Brown, | Always do right. This will gratify some people
185 Ellerslie Ave., | and astonish the rest. -- Mark Twain
Willowdale, Ontario | //www.oreilly.com/catalog/samba/author.html
Work: (905) 415-2849 Home: (416) 223-8968 Email: davecb@canada.sun.com