[Beowulf] Re: Linux cluster authenticating against multiple Active Directory domains

Dave Love d.love at liverpool.ac.uk
Thu Jul 31 09:07:50 PDT 2008


Geoff Jacobs <gdjacobs at gmail.com> writes:

> Joe Landman wrote:
>> If you don't mind using commercial tools, have a look at Centrify.

Centrify needs admin on the AD systems, and in my experience it doesn't
provide anything except grief, unless you want your systems to be
adminned from the Windows world.  [It's proprietary, not just
commercial.]

A recent GNU/Linux distribution you're likely to use will provide all
you need if you have to be an authentication and/or directory client of
the Windows world.

> Looks like Likewise nee Centeris has a FOSS version. From the blurb...
>
> "Supports multiple forests with one-way and two-way cross forest trusts"

Normal Kerberos clients will work cross-realm anyhow.

> Apparently it's GPL, so legal compatibility shouldn't be an issue.

That's actually an odd choice for (presumably) PAM and NSS modules which
you expect to be dynamically linked into programs with
non-GPL-compatible licences.



More information about the Beowulf mailing list