
1 Configuring Novell Account Management with Identity Manager for Linux and UNIX
Doug Anderson, Product Manager, danderson@novell.com
Boyd Wilson, Product Architect, bowilson@novell.com
Jeff Bate, Engineering
Randy Martin, Engineering

2 © March 10, 2004 Novell Inc, Confidential & Proprietary
The one Net vision
one Net: Information without boundaries... where the right people are connected with the right information at the right time to make the right decisions.
Novell exteNd™, Novell Nsure™, Novell Nterprise™, Novell Ngage SM

3 The one Net vision: Novell Nsure™
Novell Nsure solutions take identity management to a whole new level. Novell Nsure gives you the power to control access so you can confidently deliver the right resources to the right people: securely, efficiently, and best of all, affordably.

4 Agenda
- Novell Account Management and Identity Manager Framework Overview and Roadmap
- Account Management UNIX Connectivity
- Account Management UNIX Configuration Demo
- NIS Driver for UNIX Connectivity
- NIS Driver Configuration Demo
- Futures
- Q&A

5 What's Up With NAM and IDM?
- Let's clear this up now
- These are complementary products, not competing products
- Identity Manager is the family, and NAM is part of it
- NAM is going to go from cousin to brother

6 How are Novell Account Management and Identity Manager Related?
- NAM has functionality not available in IDM2: Fan-Out Drivers, Windows Standalone Mode, Authentication Redirection, Native Script Handling, and password sync using the standard eDirectory password.
- NAM also has limitations not found in IDM2: it is Subscriber-Only (one direction, eDirectory to target), and it has a different architecture and a different management console.

7 What's the Mission?
To make it easy for any Novell Account Management customer (and there are thousands), be it version 2.1 or 3.0, on any platform, to move forward without losing any critical functionality and, in fact, gaining significant functionality.

8 But, for today...
For right now, let's talk about how NAM works today, and how it will work in the future.

9 Novell Account Management UNIX Connectivity

10 Account Management UNIX Connectivity
- Supports flavors of UNIX including Linux, Solaris, HP-UX and AIX
- Supports proprietary, /etc/passwd, NIS, and NIS+ configurations
- Supports extendable control through shell scripting
- Supports automatic global or pocket UID/GID management
- Supports Samba

11 Account Provisioning to a Target
By permitting a collaborative unit such as a container or a group to a target system, you automate the management of all users that may be associated with the collaborative unit in the future.
[Diagram: eDirectory containers and groups permitted to targets such as a Solaris App Server, an AIX Mail Server, and a set of Linux Web Servers (AIX, Solaris and Linux servers)]

12 NAM 3.0 Principal Components
[Diagram: eDirectory with Novell DirXML; Core Services (Event Listener, Manager Services, Object Services, Audit Services, Certificate Services, Web Services, Journal Services) and Agents; Platform Services on the target platforms AS/400, UNIX, Windows, 390 and others]

13 NAM 3.0 Principal Components
[Diagram: as on the previous slide, with the Platform Services side expanded: Authentication Services API, System Intercept, Platform Services Process (User Authentication, User and Group Management) and Platform Receiver Scripts; the Agents talk to the platforms over SSL]

14 Receiver Scripts
- Default scripts are delivered for each security system for each platform.
- They may be modified or replaced by the customer.
- Target system administrators already know how to write scripts, since the local scripting environment is used on each platform (REXX, shell script, Windows Script, etc.).
- In many cases administrators already have scripts to perform operations on their local system, and these can be plugged directly in.
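What an "Add User" receiver script has to check before it hands an Access Management Event to the local security system, and how the automatic global or pocket UID allocation from the UNIX Connectivity slide can work, as an added example: this is not Novell code, and the NAM script interface and event layout are not on the page, so the event dict fields, the UID policy names, the `/home` and shell restrictions and the sample passwd file below are all assumptions. The point a plugged-in local script is likely to miss is that event data comes from a directory other people can write to, so a GECOS or home value containing a colon or newline, a UID of 0, or a UID already owned by another account must be refused rather than passed to useradd.

```python
import re
from dataclasses import dataclass

# POSIX portable user name: a letter or underscore, then up to 31 more chars.
USERNAME_RE = re.compile(r"^[a-z_][a-z0-9_-]{0,31}$")
ALLOWED_SHELLS = {"/bin/sh", "/bin/bash", "/bin/ksh", "/sbin/nologin"}
# Assumed UID policies: one shared "global" range, or a per-platform-set pocket.
UID_RANGES = {"global": (5000, 59999), "pocket:webfarm": (20000, 20999)}

# Constructed sample of the target's current /etc/passwd (not from the page).
PASSWD_SAMPLE = (
    "root:x:0:0:root:/root:/bin/bash\n"
    "daemon:x:1:1:daemon:/usr/sbin:/sbin/nologin\n"
    "jsmith:x:5000:100:Jane Smith:/home/jsmith:/bin/bash\n"
    "bwilson:x:5001:100:Boyd Wilson:/home/bwilson:/bin/ksh\n"
)


@dataclass(frozen=True)
class PasswdEntry:
    name: str
    uid: int
    gid: int
    gecos: str
    home: str
    shell: str

    def line(self) -> str:
        return f"{self.name}:x:{self.uid}:{self.gid}:{self.gecos}:{self.home}:{self.shell}"


def parse_passwd(text: str) -> list:
    """Parse passwd-format text; a line with the wrong field count is an error, not skipped."""
    entries = []
    for raw in text.splitlines():
        if not raw or raw.startswith("#"):
            continue
        f = raw.split(":")
        if len(f) != 7:
            raise ValueError(f"malformed passwd line: {raw!r}")
        entries.append(PasswdEntry(f[0], int(f[2]), int(f[3]), f[4], f[5], f[6]))
    return entries


def next_free_uid(entries, policy: str) -> int:
    """Lowest unused UID inside the policy's range (global or pocket)."""
    lo, hi = UID_RANGES[policy]
    used = {e.uid for e in entries}
    for uid in range(lo, hi + 1):
        if uid not in used:
            return uid
    raise RuntimeError(f"UID range {policy!r} exhausted")


def validate_event(event: dict) -> None:
    """Reject event values that would corrupt the passwd file or widen access."""
    if not USERNAME_RE.match(event["name"]):
        raise ValueError(f"bad user name {event['name']!r}")
    for field in ("gecos", "home", "shell"):
        if ":" in event[field] or "\n" in event[field]:
            raise ValueError(f"{field} contains a passwd field or line separator")
    if event["shell"] not in ALLOWED_SHELLS:
        raise ValueError(f"shell {event['shell']!r} not permitted on this platform")
    if not event["home"].startswith("/home/") or ".." in event["home"].split("/"):
        raise ValueError(f"home {event['home']!r} is outside /home")
    if event["gid"] < 100:
        raise ValueError("refusing to provision into a system group")


def add_user(passwd_text: str, event: dict, policy: str = "global"):
    """Return (new passwd text, useradd argv); argv is None when nothing changes."""
    validate_event(event)
    entries = parse_passwd(passwd_text)
    lo, hi = UID_RANGES[policy]
    uid = event.get("uid")  # UID assigned centrally by the manager, else allocated here
    existing = next((e for e in entries if e.name == event["name"]), None)
    if existing is not None:
        if uid is not None and existing.uid != uid:
            raise ValueError(f"{event['name']} exists with uid {existing.uid}, event says {uid}")
        return passwd_text, None  # replay of an event already applied: idempotent
    if uid is None:
        uid = next_free_uid(entries, policy)
    elif not lo <= uid <= hi:
        raise ValueError(f"uid {uid} outside the {policy!r} range")  # never uid 0 from upstream
    elif uid in {e.uid for e in entries}:
        raise ValueError(f"uid {uid} already owned by another account")
    new = PasswdEntry(event["name"], uid, event["gid"], event["gecos"], event["home"], event["shell"])
    argv = ["useradd", "-u", str(uid), "-g", str(new.gid), "-c", new.gecos,
            "-d", new.home, "-m", "-s", new.shell, new.name]
    return passwd_text + new.line() + "\n", argv


def is_rejected(event: dict, passwd_text: str = PASSWD_SAMPLE) -> bool:
    """True when add_user refuses the event; used to exercise the checks above."""
    try:
        add_user(passwd_text, event)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    event = {"name": "danderson", "gid": 100, "gecos": "Doug Anderson",
             "home": "/home/danderson", "shell": "/bin/bash"}
    text, argv = add_user(PASSWD_SAMPLE, event)
    print(" ".join(argv))
```

The argv is returned rather than executed so the same logic can be dry-run against a copy of the passwd file; a real receiver script would pass it to subprocess with shell=False, which is the other half of keeping directory-supplied strings out of a shell. The replay case matters because the platform receiver pulls events from the journal and may see the same Add User twice after a restart.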

15 Adding Users To The Directory
[Diagram: eDirectory with Novell DirXML; Core Driver(s) carrying Manager Services, Object Services, Audit Services, Certificate Services, Web Services (iManager Integration), Journal Services and Auth Redirection (agent); Platform Services reached over SSL: Authentication Services API, System Intercept, Platform Services Process (User Authentication, User and Group Management) and Platform Receiver Scripts]
1. A new user is created in eDirectory.
2. The Core Driver sees the change.
3. Object Services creates an E-user object in the Census, associates it to the proper Platform and passes this information on to Event Journal Services.
4A. The Platform Receiver requests an Access Management Event from Event Journal Services pertaining to the Platform Set that this particular platform is associated with.
4B. Event Journal Services reads the information for the object specified in the Access Management Event out of eDirectory and passes it on to the Platform Receiver.
5. The Platform Receiver processes the Access Management Event through a suitable script (Add User) and passes it on to the local user security system.
6. Event Journal Services notifies Audit Services, which records the actions taken in the Audit Log.

16 AM Password Management
The architecture supports 3 authentication methods for a given platform:
1. Re-Direction
2. Re-Direction with Local Sync
3. Replication (Event-Driven Sync)

17 Authentication Redirection with PAM (Password Check/Change)
[Diagram: UNIX applications authenticate through the OS and PAM; PAM hands the ID/password to the AM 3.0 Agent(s), which check it against the eDirectory password over LDAP and return Y/N. If the Local Sync option is enabled (NAM SP2), a Y result is also synced to the local /etc/passwd.]

18 Authentication Replication (Event-Driven Password Sync)
[Diagram: a password change made by an application on a UNIX, Windows or mainframe system is caught by the Intercept in that system's security system; the AM 3.0 Agent(s) forward the ID/password to eDirectory through the DirXML AM Driver]

19 Authentication Replication (Event-Driven Password Sync)
[Diagram: continuing the previous slide, from eDirectory the AM 3.0 Account Provider (Manager) fans the ID/password out to the Platform Receivers. Target 1 and Target 3 (UNIX security system, Method=Replicate) receive the password; Target 2 (Method=Redirect) keeps authenticating against eDirectory.]

20 Authentication Replication (Event-Driven Password Sync)
[Diagram: the same flow with a Windows source: an application password change on a Windows Server is caught by the Intercept on the Domain Controller, the AM 3.0 Agent(s) pass it through the DirXML AM Driver to eDirectory, and the AM 3.0 Account Provider (Manager) replicates it to the Platform Receivers for Target 1 and Target 3 (Method=Replicate); Target 2 (Method=Redirect) is unchanged]

21 Samba Sync
[Diagram: the DirXML AM Driver and the AM 3.0 Account Provider (Manager) replicate the password to the Platform Receivers; on Target 3 the Replicate method updates both the UNIX /etc/passwd entry and the SMB password]

22 Account Management UNIX Configuration Demo

23 NIS Driver for UNIX Connectivity

24 NIS Driver Facts
- Version 1 released in 2003.
- New deliverable now available with the Identity Manager 2.0 release.
- Synchronizes user and group information between eDirectory™ and traditional UNIX data stores such as files, NIS (YP), and NIS+.
- Supports the IDM 2.0 Remote Loader.

25 NIS Driver Features
- Bi-directional password synchronization
- Driver heartbeat
- Account entitlements
- Support for HP-UX
- Support for MD5 passwords

26 NIS Driver Architecture
[Diagram: Novell eDirectory and the IDM 2.0 Engine exchange events with the IDM NIS Driver over the Subscriber and Publisher channels. The driver consists of a Format Converter, a Commands Engine and the driver's schema. The Commands Engine writes to each store with its native tools (files: useradd, usermod, userdel, etc.; NIS maps: ypadd, ypmod, etc.; NIS+ tables: nistbladm, nispasswd, etc.) and reads changes back from each store for the Publisher channel.]

27 NIS Subscriber Channel
[Flow diagram, eDirectory to UNIX: Subscriber Filter, Event Transforms, Association Processor, then "Add Event?"; if yes: Event Restrictions, Create Rule Transform, Account Restrictions, Match Rule, Create Rule; in both cases: Command Transform, Schema Mapper]

28 NIS Publisher Channel
[Flow diagram, UNIX to eDirectory: Publisher Filter, Event Transform, Schema Mapper, Association Processor, then "Add Event?"; if yes: Account Restrictions, Match Rule, Create Rule Transform, Create Rule, Placement Rule; in both cases: Command Transform]

29 NIS Driver Password Management
- Leverages the IDM 2.0 password management framework.
- A PAM module on the UNIX system captures password changes and sends them to the driver.
- You must enable Universal Password in eDirectory to sync UNIX and eDirectory passwords with the driver.
- Password synchronization must be set up for the driver by using iManager.

30 NIS Driver Password Management
[Example eDirectory user object: CN Bob; Surname Smith; Department Sales; Telephone 888-555-1212; AuthPassword holding MD5: ######## and CRYPT: **********]
AuthPassword eDirectory attribute:
- Optionally used to sync passwords between UNIX systems when Universal Password is not enabled.
- Holds the MD5 and CRYPT representations of the UNIX password.
- Its use is governed by the AuthPassword option.
- Updated by a password change on each UNIX system; NOT updated during a user add operation.
- Recommended to be disabled if Universal Password is enabled.
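The MD5 representation an attribute like AuthPassword carries is the standard UNIX MD5-crypt hash (the `$1$salt$` form in /etc/shadow). This added example is not the NIS driver's code: it implements that algorithm with hashlib, so it runs where Python's deprecated crypt module is gone, and verifies a candidate password against a stored hash, which is the check you would run when deciding whether a value synced between two UNIX systems still matches what a target box holds. The stored value in the usage is constructed, and the traditional DES CRYPT form is not implemented here.

```python
import hashlib
import hmac
import secrets

ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
MAGIC = b"$1$"


def _to64(value: int, count: int) -> str:
    """crypt(3)'s 6-bits-at-a-time encoding, least significant group first."""
    out = []
    for _ in range(count):
        out.append(ITOA64[value & 0x3F])
        value >>= 6
    return "".join(out)


def parse_salt(setting: str) -> str:
    """Salt from a '$1$salt$...' string or a bare salt: at most 8 chars, stops at '$'."""
    if setting.startswith("$1$"):
        setting = setting[3:]
    return setting.split("$", 1)[0][:8]


def md5_crypt(password: str, setting: str) -> str:
    """FreeBSD/Linux MD5-crypt: returns '$1$<salt>$<22 chars>'."""
    pw = password.encode()
    salt = parse_salt(setting)
    sb = salt.encode()
    ctx = hashlib.md5(pw + MAGIC + sb)
    alt = hashlib.md5(pw + sb + pw).digest()
    # Mix in as many bytes of MD5(pw, salt, pw) as the password has bytes.
    remaining = len(pw)
    while remaining > 0:
        ctx.update(alt[: min(16, remaining)])
        remaining -= 16
    # For each bit of the password length: a zero byte, or the first password byte.
    i = len(pw)
    while i:
        ctx.update(b"\0" if i & 1 else pw[:1])
        i >>= 1
    final = ctx.digest()
    # 1000 stretching rounds whose inputs depend on round parity and on i mod 3 / i mod 7.
    for i in range(1000):
        r = hashlib.md5()
        r.update(pw if i & 1 else final)
        if i % 3:
            r.update(sb)
        if i % 7:
            r.update(pw)
        r.update(final if i & 1 else pw)
        final = r.digest()
    f = final
    groups = ((0, 6, 12), (1, 7, 13), (2, 8, 14), (3, 9, 15), (4, 10, 5))
    encoded = "".join(_to64((f[a] << 16) | (f[b] << 8) | f[c], 4) for a, b, c in groups)
    encoded += _to64(f[11], 2)
    return f"$1${salt}${encoded}"


def new_salt(length: int = 8) -> str:
    """Fresh random salt from the crypt alphabet for a new password."""
    return "".join(secrets.choice(ITOA64) for _ in range(length))


def verify(password: str, stored: str) -> bool:
    """True when password hashes to the stored value under the stored salt."""
    if not stored.startswith("$1$") or stored.count("$") != 3:
        return False
    return hmac.compare_digest(md5_crypt(password, stored).encode(), stored.encode())


if __name__ == "__main__":
    # Constructed: what the MD5 half of a synced UNIX password value could look like.
    stored = md5_crypt("example-only", new_salt())
    print(stored, verify("example-only", stored), verify("guess", stored))
```

MD5-crypt's 1000 fixed rounds were chosen for 1994 hardware, which is why a consistency check like this is cheap and why the same hash is not a sound choice for new systems; comparing with hmac.compare_digest avoids leaking how many leading characters matched.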

31 NIS Driver Password Management Continued: Subscriber
- An Add User event in eDirectory sets the default password in UNIX and sets the default distribution password for that user.
- The default distribution password is determined by two Identity Manager script rules.
- Any change to the Universal Password in eDirectory causes the UNIX password to be set for that user.

32 NIS Driver Password Management Continued: Publisher
- When a user is created in UNIX, no password is captured until the password is set or changed the first time.
- The default distribution password (determined by Identity Manager scripts) can be used to set the password when it cannot be determined.
- Any modify-password event in UNIX causes the distribution password to be set to the new password.
- If the AuthPassword option is enabled, the AuthPassword attribute is updated to hold the MD5 and CRYPT representations of the password.

33 NIS Driver Configuration Demo

34 Futures

35 Facts
- The same engineering team now develops and supports the Account Management and NIS Driver deliveries in the UNIX solution space.
- There are fits for each solution today: the NIS driver is good if UNIX is authoritative for account creations; NAM is good if you have lots of systems to connect or if you have not enabled Universal Password.
- Account Management and Identity Management are converging using a multiple-phase approach.

36 IDM/NAM Convergence
- This does NOT mean simply that Account Management is going away and being converted to drivers.
- Convergence requires new functionality in the current IDM Engine and management infrastructure, as well as a change in current NAM management methodologies.
- This will open up new possibilities for managing how drivers work.
- This will allow for a common management and customization infrastructure.
- Migrations from current DirXML/Identity Manager drivers and NAM implementations will be made seamless.
- No need to wait to deploy!

37 NAM Futures and Convergence
The following slides constitute one phase in the convergence process. All current functionality is taken forward.

38 Component Location (Core Driver)
- The Core Driver now includes all the functionality of the former Event Listener, Manager and Agents.
- A Core Driver must be installed on the server(s) where replicas of the provisioned users and the ASAM System container reside.
- The Core Driver uses a mix of DirXML and LDAP calls to accomplish its mission.
- You can install more than one Core Driver for redundancy. When you upgrade, upgrade the Manager first, then convert all the Agents to Core Drivers.

39 Principal Components
[Diagram: eDirectory with Novell DirXML; Core Driver(s) providing Fan Out, Auditing, UID/GID Management, Authentication Redirection, Bi-directional Password Replication, Universal Password support and IDM2 integration, and requiring fewer objects in eDirectory; Platform Services on AS/400, UNIX, Windows, 390 and other platforms]

40 Principal Components
[Diagram: as on the previous slide, with the Platform Services side expanded: Authentication Services API, System Intercept, Platform Services Process (User Authentication, User and Group Management) and Platform Receiver Scripts; the Core Driver(s) carry Manager, Object, Audit, Certificate, Web (iManager Integration) and Journal Services plus Auth Redirection (agent), and talk to the platforms over SSL]

41 Core Driver Communications
[Diagram: the Core Driver (Manager, Object, Audit, Certificate, Web, Journal and Agent Services) is installed on the same system as eDirectory and Novell DirXML, and communicates with them over DirXML and LDAP/SSL]

42 Multiple Core Drivers
[Diagram: two eDirectory/Novell DirXML servers, each with its own Core Driver (Manager, Object, Audit, Certificate, Web, Journal and Agent Services) attached over DirXML and LDAP/SSL]
Multiple Core Drivers can watch for events in different or the same replica rings.

43 Component Location (Platform Services)
- Platform Services run on the target system.
- Delivery and installation are based on the native platform.

44 Platform Services - UNIX
[Diagram: Core Driver(s) with eDirectory and Novell DirXML reach the UNIX platform over LDAP; on the UNIX side sit the Security System API Interface Process, the intercepts and interfaces, and the applications APP 1, APP 2, APP 3 through APP N]

45 Question and Answer


47 General Disclaimer
This document is not to be construed as a promise by any participating company to develop, deliver, or market a product. Novell, Inc., makes no representations or warranties with respect to the contents of this document, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc., reserves the right to revise this document and to make changes to its content, at any time, without obligation to notify any person or entity of such revisions or changes. All Novell marks referenced in this presentation are trademarks or registered trademarks of Novell, Inc. in the United States and other countries. All third-party trademarks are the property of their respective owners. No part of this work may be practiced, performed, copied, distributed, revised, modified, translated, abridged, condensed, expanded, collected, or adapted without the prior written consent of Novell, Inc. Any use or exploitation of this work without authorization could subject the perpetrator to criminal and civil liability.

