Features and Benefits: Active Directory-based access control

Quest Authentication Services

Access control of Unix, Linux, and Mac systems and many non-Windows applictaion is one of the key compliance challenges facing many heterogenous organiztaions. Quest Authentication Services' (formerly Vintela Authentication Services) patented technology provides powerful access contol based on Active Directory for Unix, Linux, and Mac systems and applictaions.

Authentication Services offers a variety of access control options.

Access Control Based on Group Membership - Determine which users are allowed to access non-Windows systems based on Active Directory group memberships.
Authentication AND authorization from the same Active Directory Group - Use AD groups to control a user’s elevated rights on a system based on policy in conjunction with popular open-source tools such as Sudo or through more robust commercial solutions such as Quest Privilege Manager for Unix. By placing a user in a particular AD group, you can give the end-user access to the system and control what elevated rights they have on that system.
Extended capabilities for granular control - Achieve even more granular access control control. The following Active Directory mechanisms can be used to allow or deny access to any non-windows systems:

  • Membership in an Active Directory group (including nested group support)
  • Membership in a particular Organizational Unit (OU)
  • Membership in a particular Active Directory domain
  • Individual Active Directory users allowed/denied to specific systems
  • Individual services (SSH, FTP, Telnet, etc) can be specified
Existing Active Directory Group Policies - Extend the capabilities of existing access control Group Policies to non-Windows systems.
The ‘Log On To’ functionality – Extend the native Active Diretory “Log On To” capability to non-Windows systems.
Support for Netgroups - Support and extend NIS (Network Information Service) Netgroups from Active Directory to non-Windows systems.
Client-Side Tools - Use a unique and valuable set of client-side tools that display which methods are active on a particular system as well as detail of the specific allow/deny rules.
Access Control Based on Service - Leverage extremely granular access control to not only control which systems users can authenticate to but even how they authenticate.
Additional Tools - Address the specific access control needs of Unix systems and the “root” credential through additional Quest tools including:
*This product includes software developed by SAP AG