Authorization
With BeyondTrust, both schema mode and non-schema mode provide a method for storing Unix and Linux information in Active Directory -- including UIDs and GIDs -- so that PowerBroker can map SIDs to UIDs and GIDs and vice versa. This mapping enables BeyondTrust to use an Active Directory user account to grant a user access to a Unix or Linux resource that is governed by a UID-GID scheme. When an AD user logs on to a Unix or Linux computer, the PowerBroker agent communicates with the Active Directory domain controller through standard LDAP protocols to obtain the following authorization data:
- UID
- Primary GID
- Secondary GIDs
- Home directory
- Login shell
BeyondTrust uses this information to authorize the user to access Unix and Linux resources.
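The authorization data listed above, as an added example that is not PowerBroker's own code: an AD user entry and its groups are mapped to the five values and validated before a Unix host would trust them. The attribute names (uidNumber, gidNumber, unixHomeDirectory, loginShell) are assumed to be the standard RFC 2307 attributes of the AD schema, and the directory entries, MIN_DOMAIN_ID and ALLOWED_SHELLS are constructed policy values.

```python
# Added example, not PowerBroker code: sanity-check the POSIX authorization data
# an AD-integrated agent obtains over LDAP before it is applied on a Unix host.
# Attribute names (uidNumber, gidNumber, unixHomeDirectory, loginShell) are the
# standard RFC 2307 attributes in the AD schema; all entries below are constructed.
import posixpath

MIN_DOMAIN_ID = 1000    # assumed policy: ids below this belong to local/system accounts
ALLOWED_SHELLS = {"/bin/bash", "/bin/sh", "/bin/zsh", "/usr/sbin/nologin"}

def build_authz(user_entry: dict, group_entries: list) -> dict:
    """Map an AD user entry plus its groups to the five authorization values
    listed above, refusing values that would be unsafe on the Unix side."""
    try:
        uid, gid = int(user_entry["uidNumber"][0]), int(user_entry["gidNumber"][0])
    except (KeyError, IndexError, ValueError) as e:
        raise ValueError(f"missing or malformed uidNumber/gidNumber: {e}")
    if uid < MIN_DOMAIN_ID or gid < MIN_DOMAIN_ID:
        # uid 0 would silently make a domain user root; low ids collide with local accounts
        raise ValueError(f"uid/gid {uid}/{gid} below MIN_DOMAIN_ID")
    home = user_entry.get("unixHomeDirectory", [""])[0]
    shell = user_entry.get("loginShell", ["/usr/sbin/nologin"])[0]
    if not home.startswith("/") or posixpath.normpath(home) != home:
        raise ValueError(f"home must be an absolute, normalised path: {home!r}")
    if shell not in ALLOWED_SHELLS:
        raise ValueError(f"login shell {shell!r} not on the allow-list")
    dn = user_entry["dn"]
    # secondary GIDs: POSIX-enabled groups (gidNumber set) that list this user as a member
    sec = sorted({int(g["gidNumber"][0]) for g in group_entries
                  if "gidNumber" in g and dn in g.get("member", [])} - {gid})
    return {"uid": uid, "primary_gid": gid, "secondary_gids": sec, "home": home, "shell": shell}

def rejected(user_entry: dict, group_entries: list) -> bool:
    """True if the mapping is refused; used to show the failure cases."""
    try:
        build_authz(user_entry, group_entries)
        return False
    except ValueError:
        return True

# constructed sample directory data
USER = {"dn": "CN=alice,OU=Users,DC=example,DC=com", "uidNumber": ["10001"],
        "gidNumber": ["10000"], "unixHomeDirectory": ["/home/alice"], "loginShell": ["/bin/bash"]}
GROUPS = [
    {"gidNumber": ["10000"], "member": [USER["dn"]]},                            # primary group
    {"gidNumber": ["10050"], "member": [USER["dn"]]},                            # -> secondary GID
    {"gidNumber": ["10060"], "member": ["CN=bob,OU=Users,DC=example,DC=com"]},   # not a member
    {"member": [USER["dn"]]},                                                    # no gidNumber: ignored
]
ROOT_MAPPED = dict(USER, uidNumber=["0"])   # a mapping that must be refused
```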
The final challenge in achieving interoperability between Active Directory and Unix, Linux, and Mac OS X computers is the application of group policy. Likewise empowers you to centrally manage non-Windows systems by using the Microsoft Group Policy Object Editor and the Microsoft Group Policy Management Console to apply more than 80 BeyondTrust group policies and thousands of Gnome-based policies to computers running Linux, Unix, and Mac OS X.
For example, you can use a group policy to control who can use sudo to access root-level commands by specifying a common sudoers file for target computers in a domain. Using a group policy for sudo gives you a powerful method to remotely and uniformly audit and control access to Unix and Linux resources.
In addition, PowerBroker Identity Services, Enterprise Edition lets you set Managed Client Settings for Mac computers with Workgroup Manager, a free server administration tool from Apple for remotely managing user, group, and computer settings on Mac OS X machines. PowerBroker Identity Services, Enterprise Edition integrates Workgroup Manager with Active Directory by storing and applying Managed Client Settings (MCX) as standard Microsoft Active Directory group policy objects, or GPOs.
The PowerBroker Administrative Console is an extensible service for running management applications, called snap-ins or plug-ins, on a Linux or Mac computer. For example, the console lets you run an Active Directory Users and Computers snap-in on a Linux computer so you can modify objects in Active Directory without leaving your Linux desktop.