My answer at bottom, since we're not supposed to top-post :) :

> Hi Bob,
>
> Your single login idea sounds great on paper but doesn't work with the
> platforms you mentioned unless you set up an NIS domain and install NIS
> and NFS on Windows 2000. Even then, you may have problems with Windows
> 2000 sending the NIS login information to the UNIX systems. I have tried
> this several times and was really unhappy with anyone's NIS on Windows.
>
> I had to read all the official government documentation on HIPAA to
> build a new environment for an orthodontist recently. A single login
> across platforms is not required for HIPAA, but everyone who must access
> a system must have an audited account on that system assigned to him or
> her. In other words, no shared or generic accounts. Reasonable timeouts
> are required for terminals that are logged in but standing idle.
> Everything else is the standard security procedures any good sysadm
> would build into his systems anyway.
>
> If you have any questions, please feel free to email me. If I don't know
> the answer, I probably can point you to where the answer can be found.
>
> Tom
>
> Thomas S. Fortner
> Burleson, Texas
> thomas.fortner@xxxxxxxxxxxxx
> "but we preach Christ crucified..." 1 Corinthians 1:23
>
> > Hi all,
> > I am interested in establishing a single user login at my
> > office that has about 60 machines total running on the
> > network. This is a heterogeneous network with AIX, Linux,
> > and Windows. I am wondering if I am better off spending my
> > time reading up and trying to establish an LDAP server and
> > then use that to authenticate or whether Kerberos will
> > satisfy my needs.
> >
> > Currently we are in an entirely trusted network setup.
> > The new HIPAA regulations, however, make it clear that such
> > a setup is not due diligence and I need to have unique
> > logins and passwords for every employee and employ some sort
> > of logging mechanism.
> >
> > Your thoughts regarding the way to go will be appreciated.
> >
> > Thanks,
> >
> > Bob Hartung

Bob could accomplish this with Samba. Either using the Samba server as the PDC (which I'd recommend) or running a WinNT 4.0 Domain PDC (which I wouldn't recommend, since M$ isn't gonna support WinNT any more). This works if all of the desktop machines are Windows and the servers are heterogeneous. If the desktops are heterogeneous, I don't know the piece to get a local log on to the unix box to authenticate to the samba PDC, though I imagine that there's a PAM piece that will allow for it.

Ben

-- 
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
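The "PAM piece" Ben is unsure about, as an added example that is not from the thread or from the Samba project's documentation: the three files that let a Linux desktop hand its interactive logins to the Samba PDC through winbind, so each employee logs in with an individual domain account (the per-person audited account Tom describes) instead of a shared local one. Assumes Samba 3.x with winbindd running on the desktop and pam_winbind.so installed; EXAMPLEDOM and pdc1 are placeholders for the real domain and PDC host.

```ini
# ---- /etc/samba/smb.conf on each Linux desktop (not on the PDC) ----
[global]
   ; placeholder: the NT domain name served by the Samba PDC
   workgroup = EXAMPLEDOM
   ; defer password checks to the domain controller
   security = domain
   ; placeholder: hostname of the Samba PDC
   password server = pdc1
   ; map domain users into a reserved uid/gid range, never onto local ids
   ; (Samba 2.2 spells these "winbind uid" / "winbind gid")
   idmap uid = 10000-20000
   idmap gid = 10000-20000
   winbind separator = +
   template shell = /bin/bash
   ; one home directory per person, so nothing is shared between users
   template homedir = /home/%D/%U

# ---- /etc/nsswitch.conf: let getpwnam()/getgrnam() resolve domain accounts ----
passwd:   files winbind
group:    files winbind

# ---- /etc/pam.d/system-auth (Red Hat layout; login, sshd, gdm include it) ----
# try the domain first; fall back to local accounts for root and service users
auth      sufficient  pam_winbind.so
auth      required    pam_unix.so use_first_pass
account   sufficient  pam_winbind.so
account   required    pam_unix.so
# create the per-user home on first login, readable only by its owner
session   required    pam_mkhomedir.so skel=/etc/skel umask=0077
```

Join the desktop to the domain with `net rpc join -U Administrator` and confirm the trust with `wbinfo -t` and `getent passwd EXAMPLEDOM+someuser` before editing the PAM stack, since a broken auth stack locks you out. Keep a root shell open while you test the first domain login on another terminal.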