What are easy/low-cost options to leverage existing AD infrastructure for use with "loosely managed" UNIX-like systems (Mac OS X, Linux)?
Ruling out
NIS+ is dead. NIS is ancient with architectural security issues and is deprecated. LDAP doesn't have the same authentication strength as Kerberos-backed AD, not to mention the host management features of AD.
Goals
Looking to take full advantage of Active Directory, not just as a user authentication service (Kerberos and password management and other identity management functions) but as a host management platform (as when we push out Group Policy Objects to bound Windows clients).
Candidates
- Quest's Quest Authentication Services
- Likewise Likewise Enterprise or Likewise Open + Likewise UID-GID Module
- Centrify's Centrify Direct Control
Distinctions
Ability to perform host management functions (pushing cross-platform group policy objects; system inventory/configuration registry) in addition to performing user sync. Quest and Centrify seem to offer that; I don't see that Likewise has that capability. Centrify has a "zoning feature" which allowed delegating administration and user management.