-- Main.ctucker - 28 Oct 2005
Active Directory Password Synchronization with Core and Teaching Regions
Complete deliberations concerning the development of password synchronization is found in the ST article [UW-MFCF#39145]. Both Ray Butterworth and Clayton Tucker worked on the development of this mechanism.
Ray Butterworth modified a feature of the setpw
package in UNIX called submit_password
. In submit_password
, an ssh
client is now launched during password change. The ssh
process connects to a domain controller in CSCF's Active Directory who's domain corresponds to the xhier region. The user's username new password are piped into the ssh
command which takes the following form.
/software/.admin/bins/bin/ssh -1 -x -T [domain_controller_name] updtuser [username] [new_password] /domain 2>&1
is a Windows command shell script (cmd
can be compared to sh
with respect to scripting) written by CSCF which is run on the specified domain controller. It has many features for command based Windows account management, including account creation and password change. updtuser
will reset the password for the user's corresponding Windows domain account. If the account does not exist, the account is first created automatically.
Thus passwords set in a CS UNIX region such as teaching, are used to synchronize corresponding user Windows account passwords.
Active Directory Side