Common user-IDs & passwords on Netware & Unix systems

Common user-IDs & passwords on Netware & Unix systems

Post by Glen Gord » Tue, 16 May 1995 04:00:00



Here at the UCLA Anderson Graduate School of Management, students,
faculty, and staff use PC and Mac Clients to access HP9000 Unix
systems as well as PC based Netware 4.0 servers.  Our goal is to allow
them to maintain a single user-ID and password across these systems,
and to administer the addition/removal of users in one central place,
preferably one of our HPUX systems.

Is there a middle ground between purchasing a high-priced third-party
solution and bicycling files containing un-encrypted passwords between
systems?  More specifically, is there any easy way to get Netware to
use TCP/IP to consult a non-netware host to authenticate users at
login time?  Is the reverse possible?  Can a Unix host using TCP/IP
have a netware server authenticate a user?

We are quite willing to roll our own solution, but are baffled by the
issue of how to get Netware and non-Netware hosts to safely and
cooperatively exchange user/password information.

Any ideas and/or pointers would be most appreciated.

--Glen

 
 
 

Common user-IDs & passwords on Netware & Unix systems

Post by Mark D » Wed, 17 May 1995 04:00:00



>Here at the UCLA Anderson Graduate School of Management, students,
>faculty, and staff use PC and Mac Clients to access HP9000 Unix
>systems as well as PC based Netware 4.0 servers.  Our goal is to allow
>them to maintain a single user-ID and password across these systems,
>and to administer the addition/removal of users in one central place,
>preferably one of our HPUX systems.

Ahh! you want to create a single point of failure in the system !

Quote:

>Is there a middle ground between purchasing a high-priced third-party
>solution and bicycling files containing un-encrypted passwords between
>systems?  More specifically, is there any easy way to get Netware to
>use TCP/IP to consult a non-netware host to authenticate users at
>login time?  Is the reverse possible?  Can a Unix host using TCP/IP
>have a netware server authenticate a user?

The problem is to bring the usual lack of over the wire encryption
inherent in most TCP/Ip systems up to the standard of NetWare.

Does the Novell UnixWare product offer any of this ?

 
 
 

Common user-IDs & passwords on Netware & Unix systems

Post by Dennis Lar » Thu, 18 May 1995 04:00:00




>>Here at the UCLA Anderson Graduate School of Management, students,
>>faculty, and staff use PC and Mac Clients to access HP9000 Unix
>>systems as well as PC based Netware 4.0 servers.  Our goal is to allow
>>them to maintain a single user-ID and password across these systems,
>>and to administer the addition/removal of users in one central place,
>>preferably one of our HPUX systems.

>Ahh! you want to create a single point of failure in the system !

Aren't there usually MANY single points anyway?
Quote:

>>Is there a middle ground between purchasing a high-priced third-party
>>solution and bicycling files containing un-encrypted passwords between
>>systems?  More specifically, is there any easy way to get Netware to
>>use TCP/IP to consult a non-netware host to authenticate users at
>>login time?  Is the reverse possible?  Can a Unix host using TCP/IP
>>have a netware server authenticate a user?

>The problem is to bring the usual lack of over the wire encryption
>inherent in most TCP/Ip systems up to the standard of NetWare.

>Does the Novell UnixWare product offer any of this ?

The Kerberos system does what you want. Unfortunately, I haven't found
any netware versions of the stuff, client or server. What I find weird
is that, as I understand the 2 systems anyway, that VLM/NCP and Kerberos
methodologies are almost exactly the same, just talking different
languages.

This would be a point of further research, but Unixware could potentially
help. It would have to basically bridge the 2. It probably wouldn't have
a problem with the Kerberos side, but I don't know how it would pass
the appropriate info to the Netware 4 system.

Not much help I'm afraid, but I'm looking too.
Good luck - dennis

 
 
 

Common user-IDs & passwords on Netware & Unix systems

Post by James A Fin » Fri, 19 May 1995 04:00:00



: >

: >
: >>Here at the UCLA Anderson Graduate School of Management, students,
: >>faculty, and staff use PC and Mac Clients to access HP9000 Unix
: >>systems as well as PC based Netware 4.0 servers.  Our goal is to allow
: >>them to maintain a single user-ID and password across these systems,
: >>and to administer the addition/removal of users in one central place,
: >>preferably one of our HPUX systems.
: >
: >Ahh! you want to create a single point of failure in the system !
: >
: Aren't there usually MANY single points anyway?

  I don't think MANY and SINGLE go together too well. A contradiction in
  terms ?

: >>
: >>Is there a middle ground between purchasing a high-priced third-party
: >>solution and bicycling files containing un-encrypted passwords between
: >>systems?  More specifically, is there any easy way to get Netware to
: >>use TCP/IP to consult a non-netware host to authenticate users at
: >>login time?  Is the reverse possible?  Can a Unix host using TCP/IP
: >>have a netware server authenticate a user?
: >>
: >
: >The problem is to bring the usual lack of over the wire encryption
: >inherent in most TCP/Ip systems up to the standard of NetWare.
: >
: >Does the Novell UnixWare product offer any of this ?
: The Kerberos system does what you want. Unfortunately, I haven't found
: any netware versions of the stuff, client or server. What I find weird
: is that, as I understand the 2 systems anyway, that VLM/NCP and Kerberos
: methodologies are almost exactly the same, just talking different
: languages.

: This would be a point of further research, but Unixware could potentially
: help. It would have to basically bridge the 2. It probably wouldn't have
: a problem with the Kerberos side, but I don't know how it would pass
: the appropriate info to the Netware 4 system.

: Not much help I'm afraid, but I'm looking too.
: Good luck - dennis
--
 James A. Finch
 - finger me (mt92jaf) at cook.brunel.ac.uk for signed PGP pub key.
 Email and ask for fingerprint verification if you want.

 
 
 

Common user-IDs & passwords on Netware & Unix systems

Post by Misteli Micha » Tue, 30 May 1995 04:00:00


Hello

I have problems with SATAN, in my network (Sun 2.4) .

What have I done:

1.      Compile Perl 5.000 -> perl5 (ok.)

2.      Make the SATAN with 'reconfig' and 'make' (ok.)

3.      I tryed to run SATAN as root (under /local/satan-1.1.1) with

        ./satan        

Mosaic app. but ther is no possibility to modify any thing, on SATAN
Data Management, Target selection etc. the System is allways saying :
'SATAN is initializing, please try again later'. After 2 h I have
the same message !!!

        ./satan our.net.work

After 2-3 Min. the prompt come back and under 'results/satan-data'
there are some files with the analyse of our network - but how can i make
it visible in the mosaic? I run satan again without any options, but I am
not able to make visible any of the results still 'SATAN is initializing,
please try again later'.

Under 'Satan Target selection' I hade never the possibility to modify any
thing!

Please help

Michael

--

 o -    |                                       ||  
 |\     ||\           Misteli Michael         ~~||~~~~~~~~~~~~~~~~~~~~~~
      /||| \          System Manager Unix,      ||   ________________  
     / |||  \         Sailer and Diver          ||  /                \
    /__|||___\ __                               ||  |  (O)      (O)  |
    \----------/|_    +41 65 24 37 86 - VOICE   ||  \_______/\_______/
  ~~ \________/~|_|~  +41 65 24 21 43 - FAX     ||                
         V                                      ||_________\ - /
                                                 \____________/


                URL:    http://www.infrasys.ascom.ch/~misteli/