I Really Can’t Rename My Hosts!
Hello again! In this post I will be sharing some ideas about what you can do to solve a complex identity management challenge.
As the adoption of Identity Management (IdM) grows, especially in heterogeneous environments where some systems run Linux and user accounts are in Active Directory (AD), the question of renaming hosts becomes more and more relevant. Here is a set of requirements that we often hear from customers:
- I want to be able to access my Linux hosts with credentials stored in Active Directory.
- I want to be able to centrally manage access control to my Linux hosts for user accounts stored in Active Directory.
- I want to be able to centrally manage privilege escalation (sudo) for user accounts stored in Active Directory.
- I want to be able to control automount maps for my Linux systems centrally.
- I want to be able to jump between my Linux hosts without being required to enter passwords all the time (SSO).
- I do not want to rename my Linux hosts; they are currently part of the Active Directory DNS domain. There are business-critical applications running on them… and (thus) I really can’t rename them.
- I want the solution to be cost-effective so that I do not have to pay extra for the integration of Linux systems into my Active Directory environment.
Before we move forward, it is important to clarify terminology. When we talk about single sign-on (SSO), we are talking about the ability for a user to authenticate once and then access different systems and resources without being challenged for authentication again. This is not the same as having a single account. In fact, all solutions discussed in this post assume that there is a single user account and that it is stored inside Active Directory. But this is not yet SSO. SSO is achieved if the user is challenged to provide their password once, usually during the login to their workstation, and is then able to access other systems without being prompted to enter their password again. Also, when we talk about SSO inside the enterprise, the technology that provides such capability is called Kerberos. It is implemented on both the Windows and Linux sides.
Read the entire article here, I Really Can’t Rename My Hosts!
via the fine folks at Red Hat.