Central access control system for Linux - Security

This is a discussion on Central access control system for Linux - Security ; Hi All I'm wondering if there is any solution for Linux systems, desktop and servers, which provide central(enterprise) access control system. A major feature which people are looking for is central control over portable media access of users and workstations. ...

+ Reply to Thread
Results 1 to 4 of 4

Thread: Central access control system for Linux

  1. Central access control system for Linux

    Hi All

    I'm wondering if there is any solution for Linux systems, desktop
    and servers, which provide central(enterprise) access control system.
    A major feature which people are looking for is central control over
    portable media access of users and workstations.

    Looking forward to your reply

    Cheers
    --
    Mehdi Sarmadi

  2. Re: Central access control system for Linux

    On 29 Apr, 18:16, Mehdi Sarmadi wrote:
    > Hi All
    >
    > I'm wondering if there is any solution for Linux systems, desktop
    > and servers, which provide central(enterprise) access control system.
    > A major feature which people are looking for is central control over
    > portable media access of users and workstations.
    >
    > Looking forward to your reply
    >


    Apart from all the stuff which gets installed by default....
    LDAP, AFS, disk encryption and tripwire. Maybe MAC.

    C.

  3. Re: Central access control system for Linux

    On Tue, 29 Apr 2008 10:16:48 -0700, Mehdi Sarmadi wrote:


    > I'm wondering if there is any solution for Linux systems, desktop
    > and servers, which provide central(enterprise) access control system.
    > A major feature which people are looking for is central control over
    > portable media access of users and workstations.


    What, specifically? Do you mean like Radius? Or just something to keep
    users/groups all together across machines like NIS/YP?

    "GNU Radius is a software package that provides authentication and
    accounting services. The acronym RADIUS stands for "Remote
    Authentication Dial In User Service" and (in that form) usually denotes
    the underlying protocol name.

    Historically, RADIUS servers were used as a means to authenticate
    the user coming from a dial-in connection, but GNU Radius is much more
    than an authentication system: it is an advanced, customizable, and
    extensible system for controlling access to the network."

    Also, look for lesser-known projects on Freshmeat.net and/or Sourceforge
    that might do what you want.




  4. Re: Central access control system for Linux

    On Apr 30, 4:20*pm, "C." wrote:
    > On 29 Apr, 18:16, Mehdi Sarmadi wrote:
    >
    > > Hi All

    >
    > > * I'm wondering if there is any solution for Linux systems, desktop
    > > and servers, which provide central(enterprise) access control system.
    > > A major feature which people are looking for is central control over
    > > portable media access of users and workstations.

    >
    > > * Looking forward to your reply

    >
    > Apart from all the stuff which gets installed by default....
    > LDAP, AFS, disk encryption and tripwire. Maybe MAC.
    >
    > C.


    Colin, Jayjwa

    Thanks for the reply
    You know, variety of authentication mechanism is possible using some
    network information service like LDAP or NIS+. Moreover you can do
    what-ever you want with LDAP on the network: set the user's desktop
    background and home directory(on a network FS), put a new handmade
    custom network information service, or application required
    information services, etc. However all of them need a client agent on
    workstation to put the things into work.

    As of LDAP, it is raw and could give the network information system
    lots of capabilities, which is great using GOsa wonderful
    tool .Although, it needs a client on workstation that could apply the
    policies like MAC, Linux Access Lists/Controls, pam_group/pam_mount
    and so on. P.S. Those which I need is not controlling access to the
    network, I'm looking for something which I could replace with MS
    Active Directory. Not all of the features are needed like DNS/DHCP but
    integration is a highly required feature.

    I'm looking for some projects which have done the client side agent,
    too. Moreover made it open to add other customized capabilities/
    features.

    --
    Mehdi Sarmadi

+ Reply to Thread