-- Main.ctucker - 28 Oct 2005

Active Directory Password Synchronization with Core and Teaching Regions

Complete deliberations concerning the development of password synchronization is found in the ST article [UW-MFCF#39145]. Both Ray Butterworth and Clayton Tucker worked on the development of this mechanism.

UNIX Side

Ray Butterworth modified a feature of the setpw package in UNIX called submit_password. In submit_password, an ssh client is now launched during password change. The ssh process connects to a domain controller in CSCF's Active Directory who's domain corresponds to the xhier region. The user's username new password are piped into the ssh command which takes the following form.

/software/.admin/bins/bin/ssh -1 -x -T [domain_controller_name] updtuser [username] [new_password] /domain 2>&1

updtuser is a Windows command shell script (cmd can be compared to sh or csh with respect to scripting) written by CSCF which is run on the specified domain controller. It has many features for command based Windows account management, including account creation and password change. updtuser will reset the password for the user's corresponding Windows domain account. If the account does not exist, the account is first created automatically.

Thus passwords set in a CS UNIX region such as teaching, are used to synchronize corresponding user Windows account passwords.

Active Directory Side

Topic revision: r5 - 2013-02-01 - DrewPilcher
Information in this area is meant for use by CSCF staff and is not official documentation, but anybody who is interested is welcome to use it if they find it useful.


Edit

 
This site is powered by the TWiki collaboration platform Powered by PerlCopyright © 2008-2014 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback