Secure AD-Based Authentication for Linux, Unix, and Mac with Kerberos 5

Simplify Authentication and Authorization in a Mixed Network

Why does enterprise-wide authentication require so much work? For many businesses, it is because they use different identity management systems for different operating systems: Windows users might authenticate through Active Directory, Linux and Unix users might authenticate through NIS, and Mac OS X users might authenticate through an ad hoc Kerberos key distribution center. Every time a user joins or leaves your company, you have to update each of these identity management systems separately, a time-consuming process that can leave security holes.

The complexity of these identity management systems and their lack of central management increase the likelihood that something will go wrong. A user account with access to protected data, for example, might not get deprovisioned from one of the systems when the user leaves the company.

Likewise's ability to join non-Windows computers to an Active Directory domain immediately yields the benefit of making Active Directory's authentication process available to Unix, Linux, and Mac OS X computers. Because Active Directory functions as a Kerberos key distribution center, Likewise can validate Unix and Linux usernames and passwords with the Kerberos 5 network authentication protocol. Kerberos lets users and computers communicating over an insecure network prove their identity to one another in a secure manner.

How Likewise Extends Kerberos Authentication to Linux


Benefits of AD-Based Kerberos Authentication

Joining Linux, Unix, and Mac OS X machines to Active Directory with Likewise and authenticating them with Kerberos yields a range of benefits for users, system administrators, and security managers.

Users get one ID and single sign-on: They log on once to a workstation that is authenticated through Active Directory and receive Kerberos-based single sign-on for other computers and applications, such as Oracle, Apache, and SAP.

System administrators rest easy with the knowledge that users are securely authenticated with Kerberos 5 and authorized for access to resources and applications.

Managers see their operational costs drop as their Linux, Unix, and Mac computers are centrally managed within Active Directory and configured en masse with Likewise group policies.

Security managers find help in their quest for regulatory compliance with Sarbanes-Oxley and the Payment Card Industry Data Security Standard. This document outlines the technical features and benefits of using Likewise Enterprise.

Other benefits include the following:
 
  • Consolidate your identity management systems into a single secure, scalable, stable, and proven identity management system. Stop maintaining /etc/passwd files.
  • Reduce your administrators' reliance on using the root account, an insecure practice that runs counter to accepted security standards and regulations.
  • Eliminate labor-intensive ad hoc Kerberos key distribution centers and custom LDAP implementations.
  • Eliminate NIS authentication systems, which are difficult to scale, cumbersome to implement for multiple operating systems, and far less secure than LDAP and Kerberos.
  • Get a variety of access control methods.