NBU Java console authentication and authorization - integration with Active Directory
Are you using Active Directory authentication for access to your Unix/Linux servers? Why not use it for access to the Java management console as well? It's not that difficult: you just need to configure PAM the right way. I found this idea on the Symantec discussion forum, but I don't remember the article. (Please let me know if you find it, so that I can give credit to the author.)
PAM can take care of Java console authentication. But what about authorization? It is defined in the /usr/openv/java/auth.conf file. If you know how to integrate authorization with AD, please share your tips in the comments. Until a smarter solution comes along, you can use mine.
I have written a Perl script that is run by cron (once daily is enough for me). It takes the list of users from the relevant AD groups and creates the auth.conf file. The script supports multiple AD groups. Each group can be either an admin group or an operator group. People in admin groups get full rights; for people in operator groups you can specify the list of rights as required.
You can get the script, with a full description, on my page.
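The generation step described above can be sketched as follows; this is an added example, not the author's Perl script. It assumes the group members have already been fetched from AD, that each auth.conf line is a user name followed by ADMIN= and JBP= keywords, and that a local root line is always kept; the group names, users and operator rights string are constructed.

```python
import os
import re
import shutil
import tempfile

FULL_RIGHTS = "ADMIN=ALL JBP=ALL"
# Names are written verbatim into auth.conf: allow no whitespace, '=' or '*'.
VALID_USER = re.compile(r"[A-Za-z0-9._-]+")


def render_auth_conf(admin_groups, operator_groups, operator_rights):
    """Return auth.conf text built from {group: [members]} maps read from AD."""
    entries = {}
    # Operators first, so membership of an admin group overrides it.
    for groups, rights in ((operator_groups, operator_rights),
                           (admin_groups, FULL_RIGHTS)):
        for members in groups.values():
            for user in members:
                if VALID_USER.fullmatch(user):
                    entries[user] = rights
    if not entries:
        # A failed or empty directory query must not wipe everyone's access.
        raise ValueError("no valid users found; keeping the existing auth.conf")
    entries["root"] = FULL_RIGHTS  # the local root entry never comes from AD
    return "".join(f"{user} {rights}\n" for user, rights in sorted(entries.items()))


def write_atomically(path, text):
    """Replace path in one step so the console never reads a partial file."""
    directory = os.path.dirname(os.path.abspath(path))
    fd, tmp = tempfile.mkstemp(dir=directory, prefix=".auth.conf.")
    try:
        with os.fdopen(fd, "w") as handle:
            handle.write(text)
        if os.path.exists(path):
            shutil.copymode(path, tmp)  # keep the mode of the file being replaced
        os.replace(tmp, path)
    except BaseException:
        os.unlink(tmp)
        raise


if __name__ == "__main__":
    # Constructed sample data standing in for the result of the AD lookup.
    admins = {"nbu-admins": ["alice", "bob"]}
    operators = {"nbu-operators": ["bob", "carol", "*", "eve x"]}
    print(render_auth_conf(admins, operators, "ADMIN=AM+REP JBP=ENDUSER+BU"), end="")
```

Rejecting names such as `*` matters because a directory-supplied value would otherwise become a wildcard line in the authorization file.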