>>>Victor Conocchioli 12/20/06 12:18 pm >>> 
It basically uses PAM and inserts itself in the stack at the beginning. So, whatever application you use must also use PAM. Except in the case of Apache, they developed a module (You could also direct Apache to use PAM, but there is a little more complexity). It uses Kerberos on the AD side, so if you need to go through a DMZ you need to have 4 ports open. The AD schema does get extended with one program you run on only one domain controller. However, to see the extended schema you need to load an additional msi from Vintela over the normal Microsoft adminpak.msi. 
 
 
>>>" " <slushpupie at gmail.com> 12/20/06 11:11 am >>> 
On 12/19/06, Victor Conocchioli <Vic.Conocchioli at dot.state.mn.us> wrote: 
>If you want nice interoperability with the Active Directory, try looking at Vintela Authentication Services (VAS). It consists of one rpm loaded onto the Linux side. This software was recommended to us by Microsoft. (They admitted their own solution is cumbersome and requires a lot of configuration on the AD side). It is owned by Quest Software and has good support. It works nicely with ssh (as well as tectia ssh2), ftp, cvs and they even have an Apache module. Your standard Active Directory Users and Computers program is used on the AD side to manage Linux users and groups. 
> 
>We just upgraded from w2k AD to win 2003 AD a couple of weeks ago and no changes needed to be made on the Linux side. 
 
I've looked at that a few times, but not been able to learn what I 
wanted from the site.  What does it use? A custom nsswitch module? 
Kerberos keytabs? Does it modify the AD schema? 
 
Jay 
 
 
-- 
Jay Kline 
http://www.slushpupie.com/