Over the weekend I installed PhpWiki at work to provide documentation of the internal systems, and wrote a nice theme to go along with it. Unfortunately, authentication beyond the admin user doesn’t seem to exist at all with PhpWiki, which really sucks. I also got my workstation authenticating with the NT primary domain controller. The pam_winbind module goes out, checks the username/pass combo on the PDC, and then returns ‘success,’ no matter what (i.e. even if the PDC says no, pam_winbind says yes). That sucks, and forces me to always require standard UNIX authentication (which, as it forces me to keep the unix passwords in sync with the NT domain, is precisely what I was trying to avoid).
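The pam_winbind behaviour described above is dangerous precisely because of how PAM combines module results: a module that always says "success" short-circuits the whole stack if it is listed as `sufficient` ahead of the real check. The following is an added example, not code from the original post or from PAM itself: a small Python simulation of PAM's `required` / `requisite` / `sufficient` control-flag rules, with a constructed always-true module standing in for the misbehaving pam_winbind and a constructed local password table standing in for /etc/passwd. It shows why ordering a `required` pam_unix check first is what closes the hole (at the cost the post complains about: the UNIX password then has to be right every time).

```python
"""Simulation of how a PAM-style auth stack combines module results.

Added example, not code from the original post and not a call into the real
PAM library: a constructed model of the 'required' / 'requisite' / 'sufficient'
control semantics, runnable offline, to show why a module that reports
success unconditionally is an authentication bypass when listed as
'sufficient' before the real check.
"""
from typing import Callable, List, Tuple

# A module is a callable taking (user, password) and returning True on success.
Module = Callable[[str, str], bool]
StackEntry = Tuple[str, Module]  # (control flag, module)

# Constructed stand-in for the local /etc/passwd database (plaintext only
# because this is a simulation; a real store holds password hashes).
UNIX_USERS = {"alice": "correct horse", "bob": "battery staple"}

# Constructed stand-in for the accounts the NT PDC knows about.
PDC_USERS = {"alice": "correct horse"}


def pam_unix(user: str, password: str) -> bool:
    """Local password check (simulated)."""
    return UNIX_USERS.get(user) == password


def broken_winbind(user: str, password: str) -> bool:
    """Models the misbehaving pam_winbind from the post: it asks the PDC,
    then reports success no matter what the PDC answered."""
    _ = PDC_USERS.get(user) == password  # verdict computed, then ignored
    return True


def working_winbind(user: str, password: str) -> bool:
    """Models a winbind that actually honours the PDC's verdict."""
    return PDC_USERS.get(user) == password


def run_stack(stack: List[StackEntry], user: str, password: str) -> bool:
    """Evaluate an auth stack with PAM's control-flag rules:
      required   - a failure is remembered, but later modules still run
      requisite  - a failure ends the stack immediately
      sufficient - a success ends the stack immediately, unless a 'required'
                   module earlier in the stack has already failed
    The stack succeeds only if no 'required' module failed.
    """
    failed = False
    for control, module in stack:
        ok = module(user, password)
        if control == "required":
            failed = failed or not ok
        elif control == "requisite":
            if not ok:
                return False
        elif control == "sufficient":
            if ok and not failed:
                return True
        else:
            raise ValueError(f"unknown control flag {control!r}")
    return not failed


# The intuitive "try the domain first, fall back to local" layout. With the
# broken module this is a full bypass: any password for any user is accepted.
DOMAIN_FIRST_BROKEN: List[StackEntry] = [
    ("sufficient", broken_winbind),
    ("required", pam_unix),
]

# The same layout with a winbind that respects the PDC behaves as intended.
DOMAIN_FIRST_WORKING: List[StackEntry] = [
    ("sufficient", working_winbind),
    ("required", pam_unix),
]

# What the post ended up doing: require the local check first, so winbind's
# unconditional "success" can no longer grant access by itself.
UNIX_REQUIRED: List[StackEntry] = [
    ("required", pam_unix),
    ("sufficient", broken_winbind),
]


if __name__ == "__main__":
    for name, stack in [("domain-first/broken", DOMAIN_FIRST_BROKEN),
                        ("domain-first/working", DOMAIN_FIRST_WORKING),
                        ("unix-required", UNIX_REQUIRED)]:
        for user, pw in [("alice", "correct horse"), ("alice", "wrong"),
                         ("mallory", "anything")]:
            print(f"{name:22} {user:8} {pw!r:18} -> {run_stack(stack, user, pw)}")
```

Running it shows the `domain-first/broken` stack accepting `alice` with a wrong password and even the non-existent `mallory`, while both other stacks reject them; the price of `unix-required` is that the local password is always the one that has to match, which is the synchronisation burden the post wanted to avoid.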
The basic problem is that there’s no centralized authentication: the half-dozen Linux boxes all use standalone /etc/passwd, the windows boxes use the NT domain, and the Apples [MacOS 9 and X] use whatever they use. IOW, it looks like I get to learn how to tie four different systems together into one big authentication love-fest (my boss is thinking LDAP, which sounds about right for the authentication, but exactly how to get that working with the file-sharing side of things could get tricky—I’m thinking that a unified file-sharing box which exports the same shares in the three protocols using the LDAP server for authentication would be ideal, but charset differences are one big sticking point).
An easy solution would be to upgrade the NT domain to Win2k; the winbind stuff is not particularly difficult with Active Directory (LDAP). Also, Macs have built-in AD authentication (http://its.med.yale.edu/tech_docs/addmachine/add_panther.html). Alternatively, you could probably do all this with OpenLDAP, but I’m not familiar with it.