On 29 Apr, 18:16, Mehdi Sarmadi wrote:
> Hi All
>
> I'm wondering if there is any solution for Linux systems, desktop
> and servers, which provide central(enterprise) access control system.
> A major feature which people are looking for is central control over
> portable media access of users and workstations.
>
> Looking forward to your reply
>

Apart from all the stuff which gets installed by default....
LDAP, AFS, disk encryption and tripwire. Maybe MAC.

C.

On Tue, 29 Apr 2008 10:16:48 -0700, Mehdi Sarmadi wrote:


> I'm wondering if there is any solution for Linux systems, desktop
> and servers, which provide central(enterprise) access control system.
> A major feature which people are looking for is central control over
> portable media access of users and workstations.

What, specifically? Do you mean like Radius? Or just something to keep
users/groups all together across machines like NIS/YP?

"GNU Radius is a software package that provides authentication and
accounting services. The acronym RADIUS stands for "Remote
Authentication Dial In User Service" and (in that form) usually denotes
the underlying protocol name.

Historically, RADIUS servers were used as a means to authenticate
the user coming from a dial-in connection, but GNU Radius is much more
than an authentication system: it is an advanced, customizable, and
extensible system for controlling access to the network."

Also, look for lesser-known projects on Freshmeat.net and/or Sourceforge
that might do what you want.

On Apr 30, 4:20*pm, "C." wrote:
> On 29 Apr, 18:16, Mehdi Sarmadi wrote:
>
> > Hi All
>
> > * I'm wondering if there is any solution for Linux systems, desktop
> > and servers, which provide central(enterprise) access control system.
> > A major feature which people are looking for is central control over
> > portable media access of users and workstations.
>
> > * Looking forward to your reply
>
> Apart from all the stuff which gets installed by default....
> LDAP, AFS, disk encryption and tripwire. Maybe MAC.
>
> C.

Colin, Jayjwa

Thanks for the reply
You know, variety of authentication mechanism is possible using some
network information service like LDAP or NIS+. Moreover you can do
what-ever you want with LDAP on the network: set the user's desktop
background and home directory(on a network FS), put a new handmade
custom network information service, or application required
information services, etc. However all of them need a client agent on
workstation to put the things into work.

As of LDAP, it is raw and could give the network information system
lots of capabilities, which is great using GOsa wonderful
tool .Although, it needs a client on workstation that could apply the
policies like MAC, Linux Access Lists/Controls, pam_group/pam_mount
and so on. P.S. Those which I need is not controlling access to the
network, I'm looking for something which I could replace with MS
Active Directory. Not all of the features are needed like DNS/DHCP but
integration is a highly required feature.

I'm looking for some projects which have done the client side agent,
too. Moreover made it open to add other customized capabilities/
features.

--
Mehdi Sarmadi