
Re: single sign-on

 
Ben Wilson_4
Advisor

single sign-on

hi,
i recently disabled root telnet to my servers (6 hp 9000's running 11.0) and now i'm looking for an easy way to maintain user accounts across all the servers. i'm coming from a windows nt/2000 domain background, and i actually miss the ease of administering login scripts, home directories, etc in a windows domain.
any suggestion for products/protocols to use? i have been looking at LDAP, anything that integrated into a windows domain would be great, though not a requirement. i also have a dozen sun boxes, so something that would work on solaris would be nice too.

thanks,
Ben
5 REPLIES
Justo Exposito
Esteemed Contributor

Re: single sign-on

Hi,

Do you know Unicenter from Computer Associates?

Regards,

Justo.
Help is a Beautiful word
Sridhar Bhaskarla
Honored Contributor

Re: single sign-on

Hi Ben,

LDAP is a good way to go but it is not supported on Trusted Systems. NIS+ can be used and is difficult to administer. NIS is simple but has security implications and is not supported on Trusted Systems either. If you are not too concerned about encryption and if your systems are not trusted, then you can implement NIS. docs.hp.com is a good resource for documentation.

You can also purchase software like Control-SA, IT/A to centrally administer the passwords.

-Sri

You may be disappointed if you fail, but you are doomed if you don't try
Ben Wilson_4
Advisor

Re: single sign-on

oops, should have added

$budget = 0;

Jeff Machols
Esteemed Contributor

Re: single sign-on

You can use NIS or NIS+ for this. This will allow you to have one master (and backups) to administer the accounts, then all the clients will use this to authenticate. You can also use NFS to mount home directories, so all the client machines will use the NFS master to mount /home/user. This way you don't have to make a profile change on every client.
Sridhar Bhaskarla
Honored Contributor

Re: single sign-on

Hi (again)

Another thought.

Install openssh on all the servers and make one of the systems the gateway. By copying the public keys of the individual accounts onto the gateway server into the corresponding authorized_keys, you can have the users log on to one server and then ssh to the other servers without supplying the password. This is a more secure way. You can also write scripts that use ssh to create and delete accounts from the gateway server.

-Sri
You may be disappointed if you fail, but you are doomed if you don't try
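
One way to script account creation and deletion from the gateway over ssh, as an added example that is not part of the original thread. The host names, the root login over ssh, the dry-run default and the 8-character login-name limit are assumptions; the name check is there because ssh hands the command string to the remote shell, which parses it again.

```shell
#!/bin/sh
# Added example: push account changes from the gateway to every server.
# HOSTS, root@ logins and DRY_RUN are assumptions, not from the thread.
LC_ALL=C; export LC_ALL               # make [a-z] mean ASCII lowercase only
HOSTS="${HOSTS:-hpux1 hpux2 sun1}"    # constructed host names
DRY_RUN="${DRY_RUN:-1}"               # 1 = only print what would be run

# Accept only conservative login names. The name ends up inside a command
# line that the remote shell re-parses, so ';', spaces, quotes or '$' in it
# would run as extra commands on every server.
valid_user() {
    case "$1" in
        ''|*[!a-z0-9_]*|[!a-z]*) return 1 ;;
    esac
    [ "${#1}" -le 8 ]                 # assumed traditional 8-character limit
}

# Build the command that will run on the remote side.
remote_cmd() {   # usage: remote_cmd add|del user
    valid_user "$2" || { echo "invalid user name: $2" >&2; return 2; }
    case "$1" in
        add) echo "/usr/sbin/useradd -m $2" ;;
        del) echo "/usr/sbin/userdel -r $2" ;;
        *)   echo "unknown action: $1" >&2; return 2 ;;
    esac
}

# Run (or, in dry-run mode, print) the command on every host and report
# the hosts where it failed, so accounts do not silently drift apart.
push_account() {   # usage: push_account add|del user
    cmd=$(remote_cmd "$1" "$2") || return 2
    failed=""
    for h in $HOSTS; do
        if [ "$DRY_RUN" = 1 ]; then
            echo "ssh -o BatchMode=yes root@$h $cmd"
        # BatchMode=yes: fail instead of prompting if key login is broken
        elif ! ssh -o BatchMode=yes "root@$h" "$cmd" </dev/null; then
            failed="$failed $h"
        fi
    done
    [ -z "$failed" ] || { echo "failed on:$failed" >&2; return 1; }
}
```

Call `push_account add bwilson` to see the planned commands, then set `DRY_RUN=0` to execute them.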