Users in a heterogeneous Windows and UNIX network often maintain several UNIX accounts to access UNIX systems and applications, plus an Active Directory (AD) domain account to access Windows resources. This setup has long been an administrative and security concern: users who have many accounts, or who use some accounts infrequently, easily forget passwords, and they might write the passwords down on paper and leave the paper on the desk. To help secure these environments, some organizations use UNIX's Network Information Service (NIS) to maintain a central user account database for multiple UNIX systems so that a user can use the same account to log on to different UNIX systems. As security becomes more important, however, many organizations want to have a strong password policy on both Windows and UNIX platforms to better secure their information systems.
A strong password policy in AD must include password aging and locking, in addition to password complexity and history. AD's password complexity requires that a password contain three of the four available character types (lowercase letters, uppercase letters, numbers, and symbols), with a minimum password length of six characters. AD's password history requires that users don't reuse a password for an administrator-set number of passwords (e.g., the past 10 passwords). Unfortunately, most UNIX and Linux OSs and NIS don't natively support AD's level of password complexity and history, although they do support a password complexity rule of at least two lowercase or uppercase letters and at least one number or symbol. As their form of password history, they require that the new password differ from the old one by at least three characters. Some third-party user authentication and account management products can implement a strong password policy across multiple platforms, but they're expensive and complicated to implement. Microsoft Windows Services for UNIX (SFU) supports implementing NIS on AD domain controllers (DCs) and using the AD user object to store the user's UNIX user properties and credentials, but the user's UNIX password is still separate from the AD password. . . .
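The gap between the two rule sets described above can be made concrete with a small checker. This is an added example, not code from the article or from Microsoft; the function names are hypothetical, the position-by-position reading of "differ by at least three characters" is an assumption, and the PBKDF2 history store is a constructed scheme, not how AD stores its history.

```python
import hashlib
import hmac
import os
from collections import deque


def char_classes(pw: str) -> int:
    """Count which of the four character types appear in pw."""
    return sum([
        any(c.islower() for c in pw),
        any(c.isupper() for c in pw),
        any(c.isdigit() for c in pw),
        any(not c.isalnum() for c in pw),
    ])


def ad_complexity_ok(pw: str, min_len: int = 6) -> bool:
    """AD rule from the article: three of four types, minimum length six."""
    return len(pw) >= min_len and char_classes(pw) >= 3


def unix_complexity_ok(pw: str) -> bool:
    """UNIX rule from the article: >= 2 letters and >= 1 number or symbol."""
    letters = sum(c.isalpha() for c in pw)
    return letters >= 2 and any(not c.isalpha() for c in pw)


def unix_differs_enough(new: str, old: str, n: int = 3) -> bool:
    """Assumption: the difference is counted position by position."""
    diff = sum(a != b for a, b in zip(new, old)) + abs(len(new) - len(old))
    return diff >= n


class PasswordHistory:
    """Remembers the last `depth` passwords as salted PBKDF2 digests."""

    def __init__(self, depth: int = 10):
        self.entries = deque(maxlen=depth)  # oldest entry drops off first

    def _digest(self, pw: str, salt: bytes) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, 10_000)

    def reused(self, pw: str) -> bool:
        return any(hmac.compare_digest(self._digest(pw, s), d)
                   for s, d in self.entries)

    def remember(self, pw: str) -> None:
        salt = os.urandom(16)
        self.entries.append((salt, self._digest(pw, salt)))
```

A password such as `summer1` satisfies the UNIX rule but fails the AD rule, and the UNIX difference check looks only at the immediately preceding password, whereas the history class rejects anything within the configured depth.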
good
Samai March 25, 2008
Darn. Learning path for a Windows IT Pro article points me to an article that I don't have access to.
Tallarico May 15, 2008
Tallarico, I apologize for that problem. I've changed the access level on this article to Registered User, so you should be able to read it now.