Posts Tagged ‘UNIX’

Unix and Active Directory Integration with vastool

August 23, 2010

Vintela (Quest) Authentication Services (VAS) unifies Windows, Unix and Linux authentication and identity management so that, regardless of which platform you want to access, you can log in using your Windows Active Directory user name and password. VAS securely and conveniently eliminates the need for manual "per-system" identity administration, user and group NIS maps, and password synchronization scripting.

VAS also eliminates the need to layer third-party software on top of the critical security components of Windows 2000/2003. Instead, VAS provides fully compatible client libraries and utilities that transparently and securely redirect the core Unix authentication and identity management functionality to Windows domain controllers using interoperable protocols (such as Kerberos v5 and LDAP).

Other identity management solutions layer additional software on top of Active Directory or replace it altogether. In either case, solutions that interrupt the core Windows 2000/2003 services to provide a gateway for Unix interoperability add to Windows management complexity and create dangerous security vulnerabilities that affect overall enterprise security and stability.

VAS Benefits and Features

Complete Integration with Active Directory: Active Directory users can authenticate to Unix resources and Active Directory groups can be used to provide access control to Unix resources. No password or account synchronization is used. All Unix authentication and identity management features operate in real time with changes made by administrators on Windows domain controllers.

Authentication Using Kerberos: VAS uses Kerberos v5, which is the native authentication protocol for Windows 2000 and Windows 2003. The use of Kerberos eliminates the need to send passwords or password hashes over the network in plain text. All password change requests are performed using Kerberos, and enforce Windows password policies established by the domain administrator. Using Kerberos also eliminates the need for the distribution of SSL certificates to Unix clients and modifying Active Directory to use SSL for LDAP security. All VAS LDAP communication is secured using Kerberos. Finally, VAS maintains compatibility with MIT-style Kerberos implementations and can be used with Unix applications that link with 3rd party Kerberos libraries.

Persistent Client Cache: VAS is a scalable product that uses persistent client-side storage to cache frequently accessed user account information. Intelligent caching algorithms allow VAS to limit the amount of network traffic it uses and simplify the LDAP searches it makes against Active Directory. This design also allows hundreds of concurrent Unix processes to authenticate and resolve Unix account information (UID, GID, etc.) without overloading the Active Directory server with search requests. The persistent cache also allows VAS to be configured to continue working even when it loses contact with the Active Directory server.

Integration with existing Unix utilities and applications: VAS has been designed to seamlessly integrate with the core Unix authentication subsystems (PAM and NSS) so that existing applications can take advantage of Active Directory integration without any modifications. For example, Apache, OpenSSH, telnet, and ftp all easily integrate with VAS and can authenticate Active Directory users immediately after the installation and configuration of VAS.

Categories: UNIX

Unix System Utilities

Below is a list of system utilities for UNIX/Linux servers, in the following categories:

1. Process listing

2. Free/available memory

3. Disk utilization

1. ps – process status/listing for current user

a. ps -ef or ps aux – lists all processes running on the server

b. ps -u mysql – lists all processes run by a specific user (mysql).

2. top – combines ps, uptime and free, and updates at a regular interval

a. top output can be sorted by any field

b. top -p <process-id> – checks the memory/CPU utilization of a specific process.

3. uptime – returns useful system utilization information:

a. current time

b. uptime – days, hours and minutes

c. connected users

d. load averages – 1, 5 and 15 minute values

4. free – returns memory utilization

a. RAM

b. SWAP

free -m – reports values in megabytes, which is easier to read

5. df – returns disk partition/mount point information

a. df – returns info. using kilobytes

b. df -h – returns info. in human-readable units (megabytes, gigabytes, terabytes, etc.)

6. vmstat – reports on: processes, memory, paging, block I/O, traps, CPU activity

a. vmstat

b. vmstat -p /dev/hda1 – returns partition stats for /dev/hda1 (/boot)

7. gnome-system-monitor – GUI, combining most system utilities

8. ls -ltr /proc

a. cat /proc/cpuinfo

9. kill PID – kills the process with a given PID

10. runlevel – returns runlevel information using 2 fields:

a. represents previous runlevel

b. represents current runlevel

Categories: UNIX

Check UNIX CPU for 32-bit or 64-bit

January 6, 2010

Command to check Processor details:

Prompt> cat /proc/cpuinfo

Use the following command to check whether the CPU is a 32-bit or a 64-bit processor.

Prompt> getconf LONG_BIT
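The two commands above can be read together, as in this added example (not part of the original post): getconf LONG_BIT reports the word size of the environment it runs in, while on x86 Linux the `lm` (long mode) flag in /proc/cpuinfo shows whether the CPU itself is 64-bit capable. The function names and the sample cpuinfo text are constructed for illustration, and the flag check assumes an x86 system.

```shell
#!/bin/sh
# Added example: distinguish "CPU is 64-bit capable" from "userland is 64-bit".
# Assumes x86 Linux, where /proc/cpuinfo has a "flags" line per processor.

# cpu_has_long_mode: reads /proc/cpuinfo-style text on stdin and succeeds
# if any "flags" line contains the exact token "lm".
cpu_has_long_mode() {
    awk -F: '
        $1 ~ /^flags[ \t]*$/ {
            n = split($2, f, " ")
            for (i = 1; i <= n; i++) if (f[i] == "lm") found = 1
        }
        END { exit (found ? 0 : 1) }
    '
}

# describe_bitness LONG_BIT: cpuinfo on stdin, userland word size as $1.
describe_bitness() {
    if cpu_has_long_mode; then lm=yes; else lm=no; fi
    echo "cpu_long_mode=$lm userland_bits=$1"
}

# Constructed sample: a 64-bit capable CPU running a 32-bit install.
sample_cpuinfo() {
    printf 'processor\t: 0\n'
    printf 'model name\t: Example CPU (constructed sample)\n'
    printf 'flags\t\t: fpu vme de pse tsc msr pae lm nx\n'
}

sample_cpuinfo | describe_bitness 32

# On a live x86 Linux host:
#   describe_bitness "$(getconf LONG_BIT)" < /proc/cpuinfo
```

A result of `cpu_long_mode=yes userland_bits=32` means a 32-bit operating system is installed on 64-bit hardware, which getconf LONG_BIT alone would not reveal.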

Categories: UNIX