This chapter introduced the different approaches to integrating UNIX and Windows account management and authentication. The list of solutions covered here is certainly not complete. The primary goal was to illustrate the different integration mechanisms that can be put in place and how Microsoft supports them in SFU 3.0.
The combination of the Kerberos authentication protocol and an LDAP repository is definitely the most promising integration approach. Both LDAP and Kerberos are available on every Windows 2000 and later domain controller: every DC hosts a Kerberos authentication authority (the KDC) and an LDAP-accessible repository (Active Directory). As long as Kerberized UNIX platforms and applications cannot take advantage of the authorization data Microsoft embeds in its Kerberos tickets (in the PAC field; see Chapter 5), the need for a special repository to centrally store the users’ authorization data will remain.