
White Papers, Technical Briefs, and Research

Unix Integration and Compliance

These documents provide high-level overviews of topics relevant to simplifying identity management and technology-specific discussions of solutions within Quest’s AD-based approach to heterogeneous identity administration, integration, and compliance.

The Vintela Authentication Services product has been renamed Quest Authentication Services. The update process has not been fully implemented in all the documents available from this page. Rest assured that functionality, features, and benefits remain unchanged if a document does not use the new product name.

Tenets of Identity Management

In this white paper, Jackson Shaw--senior director of Product Management for Active Directory at Quest Software--shares what he has learned in more than 20 years and after talking with literally thousands of customers about identity and access management. Shaw provides 12 valuable "tenets" that should be on the mind of every organization seeking to address the challenges of identity management, particularly in large, complex environments. Download this document

Simplifying Identity Management
Leverage an investment in AD for cross-platform identity management

Most would agree that identity management, in general, is a complex problem. In this technical brief, written by Jackson Shaw, we explore how companies that have chosen Active Directory® (AD) as an identity repository can utilize Quest Software’s solutions to leverage their investment in AD. This enables more efficient identity and role provisioning, password management capabilities, and audit and compliance reporting. Download this document

Single Sign-on for SAP

In order to increase efficiency, enhance security, and help achieve compliance, Quest Software offers a suite of solutions that extend Active Directory authentication for single sign-on to a variety of platforms and applications, including SAP, ABAP and Java applications. Download this document

Extending Native Active Directory Capabilities to Unix and Linux

Today, many organizations require IT support for a variety of mission-critical software solutions. IT management has become more complex with the need to address mixed-platform environments, which include Windows, Unix, Linux and Java platforms. Incompatibilities between these disparate platforms can complicate management tasks that would otherwise be straightforward in a single-platform environment. This technical brief discusses Authentication Services, the industry's leading solution for integrating native Active Directory access, authentication, and authorization with Unix and Linux platforms and applications. Download this document

Research Brief (Aberdeen) - Dealing with Directories: Fewer Fuels Faster and More Efficient Operations

This independent research by Aberdeen discusses how "Best in Class" companies are implementing strategies to reduce the total number of directories in their Identity and Access Management environments; 1 in 5 have consolidated to a single authoritative repository for user identities. Download this document


Quest Authentication Services and IBM Tivoli Identity Management

This white paper demonstrates how Authentication Services from Quest Software enhances IBM® Tivoli® Identity Management by extending Microsoft Active Directory to non-Windows systems. The extension of Active Directory (AD) makes it possible to provision all users and manage all identities out of one directory. The solution eliminates unnecessary provisioning processes, bolsters security with stronger authentication, improves compliance by providing centralized control over all identities and access activities, and enhances the user experience by streamlining authentication and sign-on. Download this document

Quest Authentication Services: Working with Sun to Simplify Identity Management

Many enterprises today are turning to Sun identity management to streamline and simplify identity-driven processes such as provisioning and de-provisioning, access control, and identity auditing. Authentication Services from Quest allows enterprises operating both Windows and non-Windows systems to extend their Sun identity management capabilities into non-Windows environments such as Unix, Linux, and Mac. This eliminates duplication of administrative effort, enhances auditing and compliance activities, and enables single or reduced sign-on for the user to all enterprise resources, among other benefits. Download this document

Get to One - Integrating Heterogeneous Systems for Security and Management

Heterogeneous environments create challenges for organizations that are seeking to streamline operations, control costs and reduce operational complexity. Windows infrastructure management technologies provide a very scalable, stable, standards-based platform. However, by themselves, those tools cannot extend to non-Windows systems. As a result, organizations struggle with increased complexity and significant expense as management tasks are duplicated across platforms. In our white paper, Get to One - Integrating Heterogeneous Systems for Security and Management, Jackson Shaw discusses how to effectively integrate Microsoft technologies with an organization's Unix, Linux, Java and Mac systems. The end result is increased efficiency, enhanced security, streamlined management and reduced operational expense. Download this document

Quest Authentication Services - A Host of Deployment Options to Meet Your Needs

Because no two deployments are the same, Authentication Services offers three flexible deployment options:

  • Standard mode delivers full product functionality for environments that are fully or mostly rationalized. Local Unix users authenticate as usual, and all Unix-enabled Active Directory users can log in to Unix machines using their Active Directory usernames and passwords.
  • Mapped User mode enables organizations to quickly implement centralized Active Directory authentication without having to rationalize the environment; multiple Unix identities are mapped to a single AD account.
  • Unix Personality mode (UPM) delivers a highly flexible model for managing multiple Unix “personalities” by user or group. This mode preserves the administrative boundaries typical to Unix systems while still allowing for consolidation into Active Directory.

Each option is explained in further detail in this technical brief. Download this document

Working Towards an Enterprise without Passwords

Smart cards are emerging as a viable solution to meet the demand of two-factor authentication. Microsoft included smart card and PKI support in Windows 2000 and Windows Server 2003, while prices are falling for smart card components. In response, more organizations are taking a fresh look at the usage of smart cards to improve their security posture and reduce the costs associated with the password resets that take up an inordinate amount of help desk time. Download this document

Understanding Unix Attribute Storage and the Active Directory Schema

Solutions that integrate Unix, Linux and Mac OS X identities and systems with Windows accounts and Active Directory (AD) require a means of storing the various Unix attributes in AD. In AD, these attributes can be centrally managed along with the Windows account attributes. This white paper discusses how various currently available market solutions approach this requirement differently. These differences need to be understood clearly, as the solution may have important operational, performance and interoperability impacts. This white paper will help you to better understand the options surrounding using the AD schema in these integration scenarios so you can minimize these impacts. Download this document

Centralizing Non-Windows Access Control through Active Directory

Quest Authentication Services extends the native access control capabilities of AD to non-Windows systems, providing centralized access control. In other words, it allows non-Windows systems to become “full citizens” in AD for centralized authentication. Once your Unix, Linux, and Mac systems have joined the AD domain, you can easily control which AD users are permitted to authenticate to your non-Windows systems. Download this document

Enterprise Group Policy

Quest Authentication Services seamlessly extends the Windows Group Policy framework to non-Windows systems. You can centrally manage thousands of Unix settings from the existing Group Policy Management Console (GPMC) without buying any additional components or infrastructure. Download this document

Quest Authentication Services: A Comprehensive Solution for NIS Migration

This technical brief discusses the comprehensive set of tools and capabilities of Authentication Services to help migrate NIS data into Active Directory. Download this document

Access Control of Unix Systems in an Active Directory-Based Identity Management Environment

This white paper discusses the types of access control mechanisms in Unix and Linux systems where the Unix accounts and identities are being managed through Microsoft Active Directory (AD). In this special case, Unix hosts are directly integrated with AD. Access control raises unique concerns in these situations. A number of options exist for access control, with varying degrees of relevance. Download this document

Kerberos and the Way Forward for Application Single Sign-on

A Look at Quest’s SAP-Certified solution for SAPgui and Unix-Hosted SAP R/3 Systems

This paper will discuss the specific integration between SAP hosted on Unix systems and AD through Quest Software’s Authentication Services solution. Download this document

Implementing Federal Information System Controls with Quest Products

Federal agencies are under increasing pressure to implement effective internal controls over their information systems. This document outlines some of the federal regulations, illustrates an integrated approach to information system controls, and shows how Quest products help automate federal information system controls. Download this document

Understanding the Unix Personality Management Schema Extension

This 'technical note' discusses the Unix Personality Management feature in Authentication Services and its relevance to the new RFC 2307 schema definition available in the R2 release of Active Directory. Download this document

Quest Authentication Services Compared to Samba

Upon deeper examination there are some fundamental differences between Authentication Services and Samba/Winbind. Download this document

Cross-platform Identity Reporting
Quest Authentication Services and Quest Reporter, working together

At its very core, Authentication Services allows Unix and Linux systems and applications to participate as “full citizens” in Active Directory. A natural byproduct of this integration is that Unix and Linux system information, User IDs, and Group IDs are available to Quest Reporter in exactly the same way that Active Directory information is available. Among the powerful reporting capabilities now available to an Authentication Services-enabled enterprise through Quest Reporter are ad hoc reporting, scheduled collection of information, action-enabled reports, and change history reports. Download this document

Quest Solutions for the PCI Data Security Standard

Merchants who want their non-consumer Unix, Linux and Mac users to have controlled and secure access to cardholder data can use a number of Quest products including Authentication Services to help satisfy requirements 1, 2, 7 and 8 of the PCI DSS2 regardless of whether the cardholder data is managed within a Windows domain or on a Unix/Linux/Mac system. Download this document

NIS and Legacy Unix Migration to Active Directory

Using Authentication Services to establish an integrated authentication environment and enable regulatory compliance. Authentication Services simultaneously supports ongoing production operations and provides a migration path to complete Active Directory integration and NIS replacement without adversely impacting existing systems and processes. The combination of flexible deployment options, data transparency and Quest-provided tools enables migrating and consolidating data from various stores into a single, consistent, enterprise-wide identity. The use of standards, such as RFC 2307, as the native store for Unix identity information aligns with standard Unix practices. Quest’s products are architected to naturally integrate with the majority of real-world Windows and Unix deployments. Download this document

Securing Java Applications with Active Directory

As the number of applications in an enterprise increases, so does the number of identities. The end result is increased cost and reduced productivity. This mini-whitepaper outlines the technologies provided by Microsoft’s Active Directory (AD) and Java 2 Enterprise Edition (J2EE) for authenticating and authorizing access to applications and introduces a solution for combining these technologies to provide single sign-on (SSO) without the cost and complexity of a new infrastructure. Download this document

Smart Card Authentication for J2EE Applications Using Single Sign-on for Java

This white paper discusses how smart card authentication can be achieved for Java 2 Enterprise Edition (J2EE) applications using Single Sign-On for Java from Quest Software. Download this document

Web Services Single Sign-on Using J2EE and .NET

This white paper demonstrates how to create a single sign-on (SSO) environment for Enterprise J2EE and .NET Web services using Active Directory® (AD). It provides true SSO, which requires the user to log in to their desktop only once, and supports delegation and end-to-end security. We show how this capability can be deployed by an organization straight away, by reusing an existing infrastructure and without changing a line of code. Download this document