[Info-vax] : AUTHORIZE Enhancement
Kerry Main
kemain.nospam at gmail.com
Mon Nov 28 20:41:33 EST 2016
> -----Original Message-----
> From: Info-vax [mailto:info-vax-bounces at rbnsn.com] On Behalf
> Of Stephen Hoffman via Info-vax
> Sent: 28-Nov-16 5:40 PM
> To: info-vax at rbnsn.com
> Cc: Stephen Hoffman <seaohveh at hoffmanlabs.invalid>
> Subject: Re: [Info-vax] : AUTHORIZE Enhancement
>
> On 2016-11-28 07:11:04 +0000, David Froble said:
>
> > Steve has been lobbying for LDAP (or however it's spelled). I don't
> > know enough to have an opinion.
>
> Active Directory, Open Directory and such are increasingly
> ubiquitous on even moderate-sized computer networks.
>
> Active Directory and Open Directory already provide distributed
> authentication and LDAP services in many organizations, and
> OpenVMS can tie into LDAP authentication.
>
> DNS services, DHCP, LDAP, TLS, IPv6, etc., are the foundations of
> distributed computing, and the environment OpenVMS must
> work with.
>
> As part of this migration to LDAP, redesign, rethink and remove
> the utter morass of RMS indexed files underneath
> authentication, clustering and related.
>
> Focus forward. Stop messing around with SYSUAF, EDT, DECnet
> and the rest of the glorious past.
>
> Give existing folks a path forward, and give new folks good
> reasons to pick and to integrate OpenVMS with their
> environments.
>

I would agree .. enterprise authentication must be capable of
providing SSO (single sign-on) and resource management (group
policies etc.) across many clustered/non-clustered systems and
the industry standard approach to do this for the last 2 or 3
decades has been with enterprise directories / LDAP.

Most here may be familiar with MS's Active Directory and the
concept of "local" accounts and "domain" accounts.

Think of sysuaf as the "local" account and the LDAP account as
the "domain" account.

After implementing an enterprise directory, where most customers
are headed is adding IdM (Identity Management) which adds
additional layers.

Reference the diagram at the following site link as a sample:
https://www.forgerock.com/platform/

Also, this OpenVMS Connector product may be of interest:
http://www.idmworks.com/iam-integration-software/openvms-connector/

"The IDMWORKS' IdentityForge Advanced Adapter for HP OpenVMS
(VAX, Alpha, Integrity) is a connector that enables any identity
infrastructure to automate and manage your OpenVMS user security
information, profiles, rights and other resources via a seamless,
standard approach.

The HP OpenVMS connector works in conjunction with the
IdentityForge LDAP Virtual Gateway (built on JAVA technology
along with a LDAPv3 standard protocol interface) which will allow
any standard LDAPv3 Client or LDAP Identity Management Adapter to
seamlessly integrate the OpenVMS OS user and rights management
functionality.

The OpenVMS advanced adapter enables provisioning and
reconciliation of events within the OpenVMS OS security manager
and automates functions that administrators usually perform
manually. It functions as a trusted virtual administrator
performing tasks such as creating new users and resetting
passwords. This reduces administration costs and provides better
control of access"

Regards,

Kerry Main
Kerry dot main at starkgaming dot com