Wednesday, September 16, 2015

Understanding the Patterns for Identity Consolidation and SSO enabled by Centrify with AD on UNIX, Linux and Macs


In almost two years of Centrifying, we have discussed Identity Consolidation with AD and Single Sign-On at length. 90% of organizations have Active Directory, but they sometimes over-complicate things when it comes to identity consolidation and SSO.

I had the chance to speak about this in a seminar, and these two videos consolidate many entries that we've covered in this blog over the years.

Direct Integration

Name Service Switch, Pluggable Authentication Modules, GSSAPI, Kerberos and Proxies

  • OpenSSH SSO over an outgoing external non-transitive AD one-way trust
  • NSS and PAM using Oracle DB as an example (externally identified user)
  • GSSAPI using MongoDB
  • Kerberos using Hadoop (MapR example)
  • LDAP Proxy to enable Couchbase console access

Web-Java, SAP and DB2 Plugins

SPNEGO Plugins (Apache/Java); ERP Plugin (SAP NetWeaver, SAPgui); DB2 Plugin
  • Apache SPNEGO
  • JBoss SPNEGO
  • DB2 Plugin
  • Toolset: Centrify-enhanced psftp; addns, adcert

Conceptual Diagram

The idea is to eliminate complexity and promote reuse by committing to Active Directory, letting the Centrify DirectControl agent do the heavy lifting for Direct Integration, and using the SPNEGO plugins when needed.

For the full briefing, including marketing slideware, go here.
