The Schwartz Report

Blog archive

RHEL Upgrade Includes Improved Active Directory Integration

It appears the partnership Microsoft and Red Had formed late last year is paying dividends. The release this week of Red Hat Enterprise Linux (6.8), which includes a variety of systems management and security improvements, offers cleaner ties with Active Directory.

Aiming to improve client-side performance and management, the company has added new capabilities to RHEL 6.8's Identity Management client code in System Security Services Daemon (SSSD). The SSSD in RHEL is Red Hat's integration interface between its own Identity Management (IdM) and various identity and authentication providers including Active Directory and LDAP. SSSD also caches user credentials so they're available for authentication if an identity provider goes offline.

A new "cached authentication lookup" capability on the client reduces extraneous communications of credentials with Active Directory servers. Also added was support for the open source adcli, a tool for managing Active Directory domains. Red Hat said SSSD also now supports smart card authentication for login to systems and for functions such as sudo, used for privileged administrative access.

By utilizing the SSSD support, RHEL 6.8 is a viable alternative to LDAP configuration for applications for those looking to utilize enterprise single sign-on using Apache modules because it enables Kerberos-based authentication, allowing users who authenticate via Active Directory not to enter a user ID and password again, said Red Hat engineering director Dmitri Pal, in an April 26 blog post. It also offers improved security, failover, load balancing and awareness of domains and sites versus LDAP, Pal noted.

"Overall, external authentication based on Apache modules adds a lot of flexibility in authentication methods, supports complex domain infrastructures, has better security properties, and raises the resiliency of the application without requiring extra equipment," he stated. However, it does require more complex configuration, he said "but this complexity is well worth the (small amount of) extra effort."

Posted by Jeffrey Schwartz on 05/13/2016 at 9:06 AM


Featured

  • Google IDs on Azure Active Directory B2B Service Now at 'General Availability'

    Microsoft announced on Wednesday that users of the Google identity and access service can use their personal log-in IDs with the Azure Active Directory B2B service to access resources as "guests."

  • Top 4 Overlooked Features of a Data Backup Strategy

    When it comes to implementing an airtight backup-and-recovery plan, these are the four must-have features that many enterprises nevertheless tend to forget.

  • Microsoft Bolsters Kubernetes with Azure Confidential Computing

    Microsoft on Tuesday announced various developments concerning the use of Kubernetes, an open source container orchestration solution fostered by Google.

  • Windows Will Have Support for Encrypted DNS

    Microsoft announced this week that the Windows operating system already has support for an encrypted Domain Name System option that promises to add greater privacy protections for Internet connections.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.