Short Term Credential Caching - Long Term Credential Caching - Credential Cache

Short-term Credential Caching

Although most network outages are short-lived, the PowerBroker Identity Services, Enterprise Edition agent also supports long-term credential caching. This feature allows Linux/UNIX laptop computers to run PowerBroker Identity Services, Enterprise Edition even though they might be disconnected from an Active Directory domain controller for extended lengths of time. The lifetime of the PBIS credential cache can be configured to be short for optimal security or long to account for laptops and other computers that may be disconnected for protracted periods.

Cell Manager is a PowerBroker MMC snap-in for managing PBIS cells associated with Active Directory Organizational Units. PowerBroker Identity Services, Enterprise Edition associates cells with Organizational Units to map Active Directory users to Unix user and group identifiers. Your PBIS cells can match the hierarchy of your Organizational Units, or you can use a default cell.

Cell Manager runs on a Windows administrative workstation that connects to your Active Directory Domain Controller to simplify the management of your cells and give you direct access to your Linux, Unix, and Mac users and groups. You can perform the following administrative tasks without using Active Directory Users and Computers:

  • Delegate management
  • Change permissions for a cell
  • Add cells
  • View cells
  • Associate cells with OUs
  • Provide users and groups with Linux and Unix access
  • Change the UID or GID of a user
  • Add and delete users and groups
  • Connect to another domain
  • Filter cells to reduce clutter
  • Manage NIS maps

Automatically installed when you install the PowerBroker Identity Services, Enterprise Edition Management Console, Cell Manager can be launched from the console.

Traditional Linux and UNIX organizations have long recognized the need for a centralized service to store usernames and group names in an organization. One of the earlier efforts for a centralized identity store was the Network Information Service (NIS). NIS allows a systems administrator to provision a central server to store /etc/passwd and /etc/group files. All cooperating UNIX machines access the NIS server whenever a user logs into them. Although NIS provides for centralized storage of user accounts, many companies find it useful and/or necessary to run multiple NIS servers.

In spite of some early success, the use of NIS is declining. NIS has security weaknesses that are considered unacceptable by modern standards. Additionally, Microsoft Windows does not support NIS and, as such, it cannot be used for all authentication purposes.

Solutions that aim to replace NIS (for example, PowerBroker Identity Services, Enterprise Edition) must provide better security, support for multiple operating systems, and an easy migration path from one or more NIS servers. Additionally, because multiple NIS servers can result in a single user being mapped to multiple user and group IDs, any NIS replacement must also be able to map a single user to multiple user and group IDs.
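To find where several NIS servers have already given one user more than one UID or GID, the passwd maps can be compared before migration. The following is an added example, not PBIS code or vendor tooling: it assumes each map was exported in /etc/passwd format (as `ypcat passwd` prints it), and the domain names and accounts are constructed sample data.

```python
from collections import defaultdict

# Constructed sample data: passwd maps in /etc/passwd format, one per NIS
# domain. Domain names and accounts are hypothetical.
NIS_MAPS = {
    "eng.example": (
        "alice:x:1001:100:Alice A:/home/alice:/bin/bash\n"
        "bob:x:1002:100:Bob B:/home/bob:/bin/bash\n"
    ),
    "ops.example": (
        "alice:x:5001:500:Alice A:/home/alice:/bin/sh\n"
        "carol:x:1002:500:Carol C:/home/carol:/bin/bash\n"
        "+::::::\n"            # NIS compat entry, not a real account
        "malformed-line\n"
    ),
}

def parse_passwd(text):
    """Yield (name, uid, gid) for each valid entry in a passwd-format map."""
    for line in text.splitlines():
        line = line.strip()
        # Skip blanks, comments and NIS compat include/exclude lines.
        if not line or line[0] in "#+-":
            continue
        fields = line.split(":")
        if len(fields) != 7 or not (fields[2].isdigit() and fields[3].isdigit()):
            continue
        yield fields[0], int(fields[2]), int(fields[3])

def audit(maps):
    """Return (split, shared): users whose IDs differ between domains,
    and UIDs that belong to different usernames across domains."""
    by_user = defaultdict(dict)   # name -> {domain: (uid, gid)}
    by_uid = defaultdict(set)     # uid  -> {name, ...}
    for domain, text in maps.items():
        for name, uid, gid in parse_passwd(text):
            by_user[name][domain] = (uid, gid)
            by_uid[uid].add(name)
    split = {n: d for n, d in by_user.items() if len(set(d.values())) > 1}
    shared = {u: sorted(n) for u, n in by_uid.items() if len(n) > 1}
    return split, shared

if __name__ == "__main__":
    split, shared = audit(NIS_MAPS)
    for name, ids in split.items():
        print(f"{name}: different IDs per domain -> {ids}")
    for uid, names in shared.items():
        print(f"UID {uid}: owned by different users -> {names}")
```

Users in `split` are the ones whose per-domain IDs a replacement has to preserve; UIDs in `shared` would give two different people ownership of the same files if the maps were merged into one ID space.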
