-- Main.ctucker - 28 Oct 2005
Active Directory Password Synchronization with Core and Teaching Regions
Complete deliberations concerning the development of password synchronization are found in the ST article [UW-MFCF#39145]. Both Ray Butterworth and Clayton Tucker worked on the development of this mechanism.
UNIX Side
Ray Butterworth modified a feature of the setpw package in UNIX called submit_password. In submit_password, an ssh client is now launched during a password change. The ssh process connects to a domain controller in CSCF's Active Directory whose domain corresponds to the xhier region. The user's username and new password are piped into the ssh command, which takes the following form.
/software/.admin/bins/bin/ssh -1 -x -T [domain_controller_name] updtuser [username] [new_password] /domain 2>&1
updtuser is a Windows command shell script (cmd can be compared to sh or csh with respect to scripting) written by CSCF which is run on the specified domain controller. It has many features for command-based Windows account management, including account creation and password change.
updtuser will reset the password for the user's corresponding Windows domain account. If the account does not exist, the account is first created automatically.
Thus, passwords set in a CS UNIX region, such as teaching, are used to synchronize the passwords of the corresponding Windows user accounts.
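ssh joins the words after the host name into one string for the remote shell, which here is Windows cmd, so a username or password containing cmd metacharacters would be reinterpreted on the domain controller. The sketch below is an added example, not code from setpw or updtuser: it validates each field before building the command in the form shown above. The function names, the deliberately strict character allowlist and the host dc1.example.test are assumptions.

```shell
#!/bin/sh
# Added example; not the setpw/submit_password source.
LC_ALL=C; export LC_ALL              # make A-Z ranges byte-wise
SSH=/software/.admin/bins/bin/ssh    # path as given on the page

# Hypothetical helper: succeed only if $1 is non-empty, does not start
# with '-' (ssh would read it as an option) and uses only allowlisted
# characters. Excluded on purpose: whitespace, cmd metacharacters
# (& | < > ^ % " ( ) !), batch argument delimiters (, ; =) and '/',
# which updtuser uses for switches such as /domain.
safe_for_cmd() {
    case $1 in
        '' | -*) return 1 ;;
        *[!A-Za-z0-9._@+-]*) return 1 ;;
    esac
    return 0
}

# Hypothetical helper: print the command line in the page's form, or
# return a distinct status per rejected field and print nothing.
build_sync_cmd() {
    dc=$1 user=$2 pw=$3
    safe_for_cmd "$dc"   || { echo "bad domain controller name" >&2; return 2; }
    safe_for_cmd "$user" || { echo "bad username" >&2; return 3; }
    safe_for_cmd "$pw"   || { echo "password not safe for cmd" >&2; return 4; }
    printf '%s -1 -x -T %s updtuser %s %s /domain\n' "$SSH" "$dc" "$user" "$pw"
}

# Constructed sample values; no real host, account or password.
for pw in 'Tr1cky.pass' 'pa&ss' 'two words' '/domain'; do
    rc=0
    build_sync_cmd dc1.example.test jdoe "$pw" >/dev/null 2>&1 || rc=$?
    echo "sample password -> status $rc"
done
```

A rejected password should fail the whole password change rather than be silently skipped, otherwise the UNIX and Windows passwords drift apart.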
Active Directory Side