Integrating non-DCE/DFS Desktops into an existing DCE/DFS Environment (PowerPoint presentation)

  1. Integrating non-DCE/DFS Desktops into an existing DCE/DFS Environment
  Markus Zahn, Computer Centre, Augsburg University, Markus.Zahn@RZ.Uni-Augsburg.DE, May 2000

  2. Integrating non-DCE/DFS Desktops into an existing DCE/DFS Environment: Overview
  • Introduction
  • Environment and Goals
  • Solution for Linux Clients
  • Upcoming Solution for Windows Clients
  • Conclusions
  • References
  Markus Zahn — Augsburg University, Computer Centre 1

  3. Introduction, assumptions and environment: Introduction
  • Large computing environments consist of many different platforms.
    – Unix (Solaris, HP/UX, AIX, . . . including Linux)
    – Windows 3.x/95/98/NT
    – Mac
    – . . .
  • Each platform has its own native authentication mechanism.
  • Each platform has its own native file sharing facilities.
  ⇒ There is definitely a great demand for both a single sign-on solution and a common file system.

  4. Introduction, assumptions and environment: Basic Approach
  • Idea: make use of a distributed system based on Unix and handle desktop access via gateway solutions (e.g. Samba, netatalk, . . . ).
  • NIS/NFS is not really desirable (security, scalability).
  • Make use of DCE/DFS:
    – Implementations for most Unix systems.
    – Windows and Mac implementations.

  5. Introduction, assumptions and environment: Advantages
  • Leverage existing capital investment and expertise to provide file services from Unix to the different desktop systems.
  • Increase service by providing one single password for login, mail service etc.
  • Provide for Unix-based account management.

  6. Introduction, assumptions and environment: Caveats
  • No DCE/DFS for Linux (at least no DFS):
    – How to authenticate against DCE?
    – Using the DFS/NFS gateway is far too much trouble (regarding authentication/authorization).
  • No DFS support for Mac and Windows ≠ NT ⇒ Samba, netatalk.
  • Login integration not too smart on Windows:
    – Accounts have to be known by DCE and Windows.
    – Make use of a customized GINA or find a different approach.

  7. Introduction, assumptions and environment: Augsburg University’s Environment
  • Overall
    – 11 000 enrolled students.
    – 1 000 employees.
  • DCE cell (growing since 1994)
    – DCE/DFS is the backbone of account management and file sharing.
    – 9 000 registered student accounts.
    – 600 registered employee accounts.
    – 400 affiliates with accounts.
  • Windows NT domain (students only, since 1996)
    – Student accounts derived from the DCE registry.
    – Continued mainly for traditional reasons.

  8. Our Solution
  In general
  • Modify client systems as little as possible.
  • Make use of SSL to secure connections.
  Linux integration
  • “Pluggable Authentication Module” (PAM) to allow integrated login.
  • Implicit DFS/NFS gateway authentication/mapping.
  • Extend the “Name Service Switch” (NSS) for DCE registry lookups.

  9. Our Solution, continued
  Windows integration (in progress)
  • Synchronize Windows NT and DCE registry.
  • Use integrated login (login against NT and DCE registry) and native DFS support on DCE/DFS-integrated systems.
  • Use SMB gateways elsewhere (e.g. Samba with Paul Henson’s extensions).
  • No modifications on the clients (except installation of DCE/DFS).

  10. Inside PAM/NSS for Linux: Extending Linux
  Major components
  • “Pluggable Authentication Module” (pam_dce.so) to authenticate users.
  • “Name Service Switch” extension (libnss_dce.so.2) to make DCE registry lookups.
  • PAM dæmon (pamdced) on the DFS/NFS gateway server to process PAM requests and establish the DFS/NFS mapping.
  • NSS dæmon (nssdced) on any DCE client to process NSS requests.

  11. Inside PAM/NSS for Linux: Conceptual Overview (diagram)
  Components shown: Linux client (libnss_dce.so.2, pam_dce.so, NFS client); SSL connections; DCE client running nssdced; DCE registry; DFS/NFS gateway running pamdced and the NFS server; DFS.

  12. Inside PAM/NSS for Linux: Linux Configuration
  • Compile/install modules (/lib/security/pam_dce.so and /lib/libnss_dce.so.2).
  • Set up the PAM/DCE configuration (/etc/security/pam_dce.conf).
  • Install the SSL certificate (/etc/security/pam_dce.pem).
  • Modify the PAM configuration (e.g. /etc/pam.d/login):
      auth required /lib/security/pam_dce.so
  • NSS/DCE configuration (/etc/nss_dce.conf).
  • Modify the NSS configuration (/etc/nsswitch.conf):
      passwd: files dce
      group:  files dce
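How a glibc NSS module of the kind named on this slide plugs into "passwd: files dce", as an added example that is not the project's libnss_dce.so.2: a minimal _nss_dce_getpwnam_r serving constructed in-memory records in place of the nssdced/SSL lookup, with the TRYAGAIN/ERANGE handling glibc requires when the caller's buffer is too small (getpwuid(), getgrnam() and getgrgid() follow the same pattern).

```c
#define _GNU_SOURCE
#include <errno.h>
#include <nss.h>
#include <pwd.h>
#include <string.h>

/* Constructed sample records standing in for DCE registry entries; the real
 * libnss_dce.so.2 would fetch these from nssdced over SSL instead. */
static const struct { const char *name; uid_t uid; gid_t gid; const char *dir; }
table[] = {
    { "alice", 10001, 1000, "/dfs/home/alice" },
    { "bob",   10002, 1000, "/dfs/home/bob"   },
};

/* Copy the record's strings into the caller's buffer. glibc contract: when
 * the buffer is too small, report TRYAGAIN with errno ERANGE so the caller
 * retries with a larger buffer; never write past buflen. */
static enum nss_status fill_passwd(size_t i, struct passwd *pw, char *buf,
                                   size_t buflen, int *errnop)
{
    const char *src[] = { table[i].name, "x", table[i].dir, "", "/bin/sh" };
    char **dst[] = { &pw->pw_name, &pw->pw_passwd, &pw->pw_dir,
                     &pw->pw_gecos, &pw->pw_shell };
    size_t need = 0;
    for (size_t k = 0; k < 5; k++) need += strlen(src[k]) + 1;
    if (need > buflen) { *errnop = ERANGE; return NSS_STATUS_TRYAGAIN; }
    char *p = buf;
    for (size_t k = 0; k < 5; k++) { *dst[k] = p; p = stpcpy(p, src[k]) + 1; }
    pw->pw_uid = table[i].uid;
    pw->pw_gid = table[i].gid;
    return NSS_STATUS_SUCCESS;
}

/* Entry point glibc resolves as _nss_<service>_getpwnam_r for the "dce"
 * service listed after "files" in /etc/nsswitch.conf. */
enum nss_status _nss_dce_getpwnam_r(const char *name, struct passwd *pw,
                                    char *buf, size_t buflen, int *errnop)
{
    for (size_t i = 0; i < sizeof table / sizeof table[0]; i++)
        if (strcmp(table[i].name, name) == 0)
            return fill_passwd(i, pw, buf, buflen, errnop);
    *errnop = ENOENT;           /* unknown user: let NSS fall through */
    return NSS_STATUS_NOTFOUND;
}
```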

  13. Inside PAM/NSS for Linux: Dæmon Setup
  • Compile/install dæmons on the DCE client (/usr/local/pam_nss/pamdced and /usr/local/pam_nss/nssdced).
  • Create/install the SSL certificate.
  • Add pamdced to /etc/inetd.conf.
  • Add nssdced to /etc/rc.local.

  14. Inside PAM/NSS for Linux: Current Status
  What is implemented . . .
  √ Authentication via PAM.
  √ Establish DFS/NFS mapping via PAM.
  √ SSL to secure PAM connections (i.e. password transfers).
  √ Support for the most important lookup methods (getpwnam(), getpwuid(), getgrnam() and getgrgid()).

  15. Inside PAM/NSS for Linux: Current Status, continued
  What is not implemented (yet) . . .
  – No session support, no kdestroy equivalent (⇒ security issue).
  – No password management yet.
  – Not all lookup methods implemented, for performance reasons (setpwent(), endpwent(), getpwent(), setgrent(), endgrent() and getgrent()).
  – No support for multiple nssdced dæmons (within the client configuration) yet.

  16. Integrating Windows clients
  We are planning to . . .
  • make use of existing Windows NT servers (mainly for traditional reasons).
  • synchronize the DCE registry and the Windows NT registry.
    – Add new accounts to both registries.
    – Propagate password changes from DCE to NT and vice versa.
    – Use the password strength facilities of DCE (password strength server) and NT (password strength DLL).
  • use patched Samba to export DFS home directories.

  17. Integrating Windows clients: Conceptual Overview (diagram)
  Components shown: Windows 3.x/95/98 and Windows NT clients; DCE/DFS client with integrated login; Windows NT PDC with password strength DLL; DCE client with password strength server; SMB gateways; SSL password propagation into the DCE registry. Connections are labelled “authentication” and “DFS access”.

  18. Conclusions
  • PAM/NSS-DCE integration for Linux in production use for > 2 months now.
  • DFS access over the DFS/NFS gateway is restricted to NFS capabilities (e.g. no ACL support).
  • Installation is plug & play.
  • No major problems up to now.
  • Additional features on the wish list.

  19. References
  • PAM/NSS-DCE Homepage: http://www.rz.uni-augsburg.de/~zahn/pam_nss_dce/
  • Linux-PAM: ftp://ftp.kernel.org/pub/linux/libs/pam/index.html
  • The GNU C Library — System Databases and Name Service Switch: http://www.gnu.org/manual/glibc-2.0.6/html_chapter/libc_25.html
  • Paul Henson’s Samba patches and authentication extensions: http://www.csupomona.edu/~henson/www/projects/dce_patches/samba/ and http://www.csupomona.edu/~henson/www/projects/sec_auth/
  • Synchronizing NT and Unix passwords with DCE: http://www.icaen.uiowa.edu/ntpw/
