Home Messages Index
[Date Prev][Date Next][Thread Prev][Thread Next]
Author IndexDate IndexThread Index

Re: SUSE Linux Simplifies Interaction with Active Directory

  • Subject: Re: SUSE Linux Simplifies Interaction with Active Directory
  • From: "Rex Ballard" <rex.ballard@xxxxxxxxx>
  • Date: 15 Sep 2006 02:54:46 -0700
  • Complaints-to: groups-abuse@google.com
  • In-reply-to: <FrlOg.78572$sS1.35071@read1.cgocable.net>
  • Injection-info: p79g2000cwp.googlegroups.com; posting-host=59.145.136.1; posting-account=W7I-5gwAAACdjXtgBZS0v1SA93ztSMgH
  • Newsgroups: comp.os.linux.advocacy
  • Organization: http://groups.google.com
  • References: <2519700.IeT0msVIeO@schestowitz.com> <FrlOg.78572$sS1.35071@read1.cgocable.net>
  • User-agent: G2/1.0
  • Xref: news.mcc.ac.uk comp.os.linux.advocacy:1154931
Scott Nudds wrote:
> "Roy Schestowitz" <newsgroups@xxxxxxxxxxxxxxx> wrote in message
> > Can Linux Desktops Live in an Active Directory World?
>
>   Linux is becoming more Microsoft Windows like in order to gain market
> share.

There is a mutual convergence.  Microsoft must attempt to maintain the
illusion of compatibility with at least SOME elements of UNIX/Linux
servers, or it risks being vulnerable in terms of higher TCO.  If it
costs me 80% less to install and configure secure Linux clients using
LDAP for authentication, than it does to install and configure Windows
systems which require synchronization between Unix LDAP systems (80% of
the corporate server functionality), and Active Directory to Windows
(99% of the of the office desktops - even though 10% have Linux/OSS or
Cygwin/OSS capabilities), it creates a problem for Microsoft.  This is
why Microsoft at least attempted to pretend to implement LDAP.
Fortunately, most LDAP authenticated servers, such as WebSphere, can
treat Active Directory like any other LDAP server.  You can't read
Active Directory using openLDAP, because Microsoft botched up the
standard and refuses to comply without getting the name, company, and
IT managers - so that they can beat them into submission financially.

>   It can't succeed otherwise.

When I connect a Linux desktop to a Linux or Unix server, it's possible
to do things, safely and securely, that I wouldn't dare to do with
Windows.  Unix has lots of capabilities that just can't be connected to
Windows in a trustworthy way.  This is largely because Microsoft keeps
adding new "back doors" to their clients which could easily corrupt
ssh, corba, and streaming connections.  No sane *nix administrator is
going to grant direct execute privedges to a Windows client without
making the user go through some nasty hoops to make sure that he can't
do to much mischief without getting himself arrested, prosecuted, and
convicted.

Many security experts are now stopping at the point where they can say
"you've been hacked, call the FBI".  This preserves the chain of
custody and assures that proper probable cause and warrants can be
arranged.

[Date Prev][Date Next][Thread Prev][Thread Next]
Author IndexDate IndexThread Index