Mailinglist Archive: opensuse-security (520 mails)

< Previous Next >
AW: [suse-security] importing users
  • From: "OKDesign oHG Security Webmaster" <security@xxxxxxxxxxx>
  • Date: Sun, 10 Dec 2000 00:20:22 +0100
  • Message-id: <BDEBIBCIOPMPINHGJKKPIEGHCGAA.security@xxxxxxxxxxx>
Hello,

yes, Oliver, you remember right :-)

> To sum it up:
> There is no easy and secure way to migrate users and passwords from a NT
> machine to Linux (or any other Unix for that matter).
> Since you have to somehow get your passwords over, I'd be inclined to
> take a better aproach (which is IMHO completely going to Kerberos or
> better yet Secure-ID).

This is the point where I stop understanding...
Kerberos left, better secure-id right, I have no idea how to implement this
when transfer user data from NT to linux.
Okay, when following the different meanings I got the idea to set up linux
as BDC (is this possible ?) and to get the user-data from the still-existing
NT-PDC. But, when doing this, I only get the accounts for login to the
domain, and not "REAL" users being able to use POP-account and linux-account
and so on.
Okay, it could be possible to crack the accounts with l0pht or others, but
this is not the main problem. Maybe I did not make it clear. SO here's the
complete position:

The client actually has an NT machine acting as
- file-server
- PDC
- getting mail from our system and distribute it to the different local
accounts dependig on the "to:"-field (fetchmail and procmail would be the
solution when linux would be running, but with NT this is hard to manage for
some reasons; this is one of the main-reasons for his interest in switching
to linux)
- and some other small, unimportant, services

There are actually about 500 acounts (yes, five hundred) and he only has the
PW of about 100. The other accounts changed the PWs themselves. Some
accounts are only loggin gin at the domain from time to time, so just taking
temporare PWs and to force them to change it themselves would be difficult
to handle. So he asked if it would be possible to import the user-data to
linux.
I'm somewhat familiar with Linux, but actually I'm just learning to cope
with NT/2000 (doing training with the goal MCSE, but this is in the future;
just BTW)
So I know that I know nothing :-)) and asked here for assistance.
The transfer of the user-accounts should be made under best possible
security, as the normal work has to got on meanwhile and noone withing the
domainspace should be able to get other user-data in any way.
Does anyone have any ideas how to make this possible ?

Thanks again for your help until now (and in advance for further assitance)

---
--------------------------------------------
Stephan M. Ott // OKDesign oHG
Internet-Providing und Netzwerkmanagement
smo@xxxxxxxxxxx ..... http://www.okdesign.de
fon. +49 961 3814139 .. fax. +49 961 3814140
mobil 0171-8351130 ... oder ... 0171-7858064
--------------------------------------------


< Previous Next >
Follow Ups
References