Leverage Active Directory for Unix without Schema Changes

Mapped User Mode

Unix Identity Integration Scenario: near-term audit compliance requirement

Quest Authentication Services’ (formerly Vintela Authentication Services) Mapped User Mode enables Unix users to authenticate using Active Directory’s Kerberos infrastructure without the need to change the Active Directory schema or modify the user’s Windows account. Authentication is accomplished using credentials stored in AD rather than password hashes stored in local files or NIS maps. This means that password policy enforcement, password aging, account locking, and password resets are centrally managed and maintained via AD. With the appropriate parameters set, this integration can effectively provide “instant compliance” for many password management audit issues, with a minimum amount of migration, change management, or infrastructure overhead. In addition, Unix group IDs and memberships can easily be migrated to Active Directory.

Longer-term migration to a fully centralized Active Directory-based Unix authentication infrastructure, which allows existing NIS, LDAP, or /etc/passwd files to be retired, can be accomplished using other migration and integration technologies provided by Authentication Services, on a project schedule relieved of the pressure of immediate compliance requirements.