Partager via


Password Synchronization

Applies To: Windows Server 2008

Password Synchronization helps integrate Windows and UNIX networks by simplifying the process of maintaining secure passwords in both environments. Users are freed of the difficulty of maintaining separate passwords for their Windows and UNIX accounts or having to remember to change the password wherever it is used. With Password Synchronization, whenever a user's password is changed on a Windows-based computer or domain, the password can also be automatically changed on every UNIX host for which the user has an account. Password Synchronization can also be configured to change the user's Windows password when the user's UNIX-based password is changed.

Aspects

The following is a list of all aspects that are part of this managed entity:

Name Description

UNIX to Windows Password Synchronization -- Configuration Issues

UNIX to Windows Password Synchronization -- Configuration Issues indicates the completeness or usability of settings that are configured for UNIX to Windows password synchronization.

When Password Synchronization is properly configured for UNIX to Windows synchronization, and the synchronization service is available, passwords that are changed on UNIX hosts are synchronized on Windows-based computers and domains. The Password Synchronization pluggable authentication module (PAM) makes this possible by intercepting the password change request on the UNIX host, encrypting the password (provided that encryption keys across the Windows and UNIX environments match), and then sending the password change request to the Password Synchronization service running on the Windows-based computers with which it is configured to be synchronized.

UNIX to Windows Password Synchronization Service -- Run-time Issues

UNIX to Windows Password Synchronization Service -- Run-time Issues indicates the functionality of UNIX to Windows password synchronization operations.

When Password Synchronization is configured for UNIX to Windows synchronization, and UNIX to Windows synchronization is functioning normally, passwords that are changed on UNIX hosts are synchronized on Windows-based computers and domains. The Password Synchronization pluggable authentication module (PAM) makes this possible by intercepting the password change request on the UNIX host, encrypting the password, and then sending the password change request to the Password Synchronization service running on the Windows-based computers with which it is configured to be synchronized.

UNIX to Windows Password Synchronization Service Availability

UNIX to Windows Password Synchronization Service Availability provides information to help you interpret system messages indicating the operational state of the UNIX to Windows password synchronization service and its availability to synchronize user account passwords to the Windows environment that are changed in the UNIX environment.

When Password Synchronization is configured for UNIX to Windows synchronization, and the synchronization service is available, passwords that are changed on UNIX hosts are synchronized on Windows-based computers and domains. The Password Synchronization pluggable authentication module (PAM) makes this possible by intercepting the password change request on the UNIX host, encrypting the password, and then sending the password change request to the Password Synchronization service running on the Windows-based computers with which it is configured to be synchronized.

The UNIX to Windows Password Synchronization Service is generally available unless the Password Synchronization daemon has failed to initialize.

Windows to UNIX Password Synchronization -- Configuration Issues

Windows to UNIX Password Synchronization -- Configuration Issues indicates the completeness or usability of settings that are configured for Windows to UNIX password synchronization.

When Password Synchronization is properly configured for Windows-to-UNIX synchronization, and a password is changed on a Windows-based computer running Password Synchronization, the Password Synchronization service determines whether the user's password is to be synchronized on UNIX computers. When the Password Synchronization service is operating normally, and encryption keys in both the UNIX and Windows environments match, it encrypts the password and sends it to the Password Synchronization daemon on each computer with which the Windows-based computer is configured to be synchronized. The daemon then decrypts the password and changes the password on the UNIX host.

Windows to UNIX Password Synchronization Service -- Run-time Issues

Windows to UNIX Password Synchronization Service -- Run-time Issues indicates the functionality of Windows to UNIX password synchronization operations.

When Password Synchronization is configured for Windows-to-UNIX synchronization, and a password is changed on a Windows-based computer running Password Synchronization, the Password Synchronization service determines whether the user's password is to be synchronized on UNIX computers. When the Password Synchronization service is operating normally, it encrypts the password and sends it to the Password Synchronization daemon on each computer with which the Windows-based computer is configured to be synchronized. The daemon then decrypts the password and changes the password on the UNIX host.

Windows to UNIX Password Synchronization Service Availability

Windows to UNIX Password Synchronization Service Availability indicates the operational state of the Windows to UNIX password synchronization service and its availability to synchronize user account passwords to the UNIX environment that are changed in the Windows environment.

When Password Synchronization is configured for Windows-to-UNIX synchronization, and a password is changed on a Windows-based computer running Password Synchronization, the Password Synchronization service determines whether the user's password is to be synchronized on UNIX computers. When the Password Synchronization service is operating normally, it encrypts the password and sends it to the Password Synchronization daemon on each computer with which the Windows-based computer is configured to be synchronized. The daemon then decrypts the password and changes the password on the UNIX host.

Generally, the service is available if it has read and modify permissions in the Windows Registry, and if the computer on which Password Synchronization is installed remains an Active Directory® Domain Services domain controller.

Identity Management for UNIX