Product Support
Support for your product in a single location.
Downloads
New releases, updates and patches.
Company Brochure
What does Simplicity Mean?Learn more in our brochure
Executive Blog
Our leaders' commentary on news in the software industry. Read now
Careers
Where do you want to be?Search jobs
These detailed documents, tools, and resources provide specific direction, and even software, to help implement Quest solutions for simplifying identity management with a number of popular applications, open source projects, and implementation requirements. Many of these documents, guidance, and solutions are available through Quest’s Resource Central site.The Authentication Services product has been renamed Quest Authentication Services. The update process has not been fully implemented in all the documents available from this page. Rest assured that functionality, features, and benefits remain unchanged if a document does not use the new product name.
This document provides basic guidance on the configuration of Sybase Adaptive Server Enterprise (ASE) to enable Active Directory (AD) authentication through Quest Authentication Services to achieve centralized authentication and transparent single sign-on for Sybase ASE accounts. Download this document
The Authentication Services and SAP SNC Solution provides a greatly increased level of security, identity integration, centralized auditing, data integrity and security, and user experience. The integration of Unix and Linux hosts with Active Directory through Authentication Services allows SAP client and servers to use the capabilities of the SAP SNC interface to use a common security and authentication infrastructure and to fully leverage the ability of Windows XP and Windows Professional desktops to provide a secure authentication token in the form of a Kerberos ticket, while retaining the benefits of continued deployment of SAP R/3 server solutions on Unix hosts. Download this document
This document describes the vendor SSH tools tested by Quest Software against Active Directory login and Single Sign-on functionality with Quest Authentication Services, and what configuration was required for them to work. Download this document
This guide is provided to assist in the integration of Verisign Unified Authentication (UA) and Quest Software’s Authentication Services product. This integration guide will provide guidance on how to configure a two-factor authentication solution that leverages the benefits of your Active Directory infrastructure. Download this document
This guide is provided to assist in the integration of RSA SecurID and Quest Software’s Authentication Services product. This integration guide will provide guidance on how to configure a two-factor authentication solution that leverages the benefits of your Active Directory infrastructure. Download this document
This 'best practices' document describes how to apply an individual policy to a specific Unix server, servers, or group(s) of servers. This is the preferred method for access control. Download this document
This document describes how Windows Group Policy settings relate to Authentication Services. Download this document
This 'technical note' discusses managing Unix application accounts with Active Directory as those systems have joined the AD domain through Authentication Services. Download this document
This Application Note discusses using Authentication Services and Microsoft Identity Integration Server (MIIS) to automatically provision true, automated, enterprise-wide single sign-on for Unix and Linux systems. Provisioning users on Unix and Linux systems is made simple by the use of MIIS and Authentication Services. Authentication Services allows Unix and Linux platforms to integrate with Active Directory (AD) in a way comparable to the way Windows clients authenticate while MIIS 2003 is a centralized service that stores and integrates identity information for organizations with multiple directories. Download this document
This Technical Note provides step-by-step guidance on how to configure an Authentication Services Unix client to service a NetApp Filer. Download this document
The purpose of this document is to describe the configuration necessary to allow NetApp® storage systems to leverage the Unix identity data stored by Authentication Services in Active Directory (AD). Download this document
This Technical Note discusses migrating and managing multiple NIS domains to Active Directory using Authentication Services’ Unix Personality Management. Download this document
OpenSSH is an open-source implementation of the SSH protocol. SSH provides secure, encrypted remote login, secure file transfer, and other secure communication services. The OpenSSH project's web site is at www.openssh.org.The OpenSSH provided by Quest Resource Central is an adaptation of OpenSSH-portable modified to provide default single sign-on capability for Quest customers using the Authentication Services and/or Quest Management eXtensions for SMS (VMX) products. Quest's version of OpenSSH defaults to authenticating users via the GSSAPI-with-MIC mechanism, and authenticating hosts using GSSAPI-KEX. Vintela-OpenSSH works in conjunction with Authentication Services, to allow secure shell single sign-on to Unix hosts that have been joined to Active Directory domains.Each platform package includes both the client, ssh, and the server, sshd.Access this resource now
OpenSSH is an open-source implementation of the SSH protocol. SSH provides secure, encrypted remote login, secure file transfer, and other secure communication services. The OpenSSH project's web site is at www.openssh.org.
The OpenSSH provided by Quest Resource Central is an adaptation of OpenSSH-portable modified to provide default single sign-on capability for Quest customers using the Authentication Services and/or Quest Management eXtensions for SMS (VMX) products. Quest's version of OpenSSH defaults to authenticating users via the GSSAPI-with-MIC mechanism, and authenticating hosts using GSSAPI-KEX. Vintela-OpenSSH works in conjunction with Authentication Services, to allow secure shell single sign-on to Unix hosts that have been joined to Active Directory domains.
Each platform package includes both the client, ssh, and the server, sshd.
Access this resource now
PuTTY from Quest is a derivative of Simon Tatham's PuTTY, an open-source Secure Shell (SSH) client for Windows. It includes:PuTTY - easy-to-use terminal emulation clientplink - a command-line session and tunneling toolpsftp - the secure file transfer toolpscp - an OpenSSH-compatible secure copy toolQuest has extended PuTTY with the following features:Active Directory (GSSAPI Kerberos) single sign-onQuest PuTTY uses the Windows user's login credentials to automatically authenticate against a GSSAPI-enabled SSH server such as OpenSSH. Specifically, the credentials are obtained from the Microsoft Kerberos SSPI, and exchanged using the GSSKEX, gssapi-with-mic and gss-keyex mechanisms.Group Policy controlQuest PuTTY configuration defaults can be changed using group policy, and some configuration options can be limited or locked by group policy.Access this resource now
PuTTY from Quest is a derivative of Simon Tatham's PuTTY, an open-source Secure Shell (SSH) client for Windows. It includes:
PuTTY - easy-to-use terminal emulation client
plink - a command-line session and tunneling tool
psftp - the secure file transfer tool
pscp - an OpenSSH-compatible secure copy tool
Quest has extended PuTTY with the following features:
Active Directory (GSSAPI Kerberos) single sign-on
Quest PuTTY uses the Windows user's login credentials to automatically authenticate against a GSSAPI-enabled SSH server such as OpenSSH. Specifically, the credentials are obtained from the Microsoft Kerberos SSPI, and exchanged using the GSSKEX, gssapi-with-mic and gss-keyex mechanisms.
Group Policy control
Quest PuTTY configuration defaults can be changed using group policy, and some configuration options can be limited or locked by group policy.
mod_auth_vas is an Apache authentication and authorization module for use with the Apache web server, versions 1.x and 2.x.The module uses Quest Authentication Services to implement the HTTP SPNEGO protocol, with optional fallback to 'Basic' authentication for browsers that do not support SPNEGO. In effect, mod_auth_vas allows the Apache web server to perform Windows Integrated Authentication (single sign-on).Browsers that can authenticate using SPNEGO automatically (without prompting for a password) include Internet Explorer and Firefox.DocumentationThe installation and how-to guides are good first-step and reference documents. The troubleshooting reference might also be handy. These documents should contain everything required to compile and install the module, as well as configuring client browsers and debugging if problems arise.Access this resource now
mod_auth_vas is an Apache authentication and authorization module for use with the Apache web server, versions 1.x and 2.x.
The module uses Quest Authentication Services to implement the HTTP SPNEGO protocol, with optional fallback to 'Basic' authentication for browsers that do not support SPNEGO. In effect, mod_auth_vas allows the Apache web server to perform Windows Integrated Authentication (single sign-on).
Browsers that can authenticate using SPNEGO automatically (without prompting for a password) include Internet Explorer and Firefox.
Documentation
The installation and how-to guides are good first-step and reference documents. The troubleshooting reference might also be handy. These documents should contain everything required to compile and install the module, as well as configuring client browsers and debugging if problems arise.
Samba is a Unix implementation of the Microsoft Windows network filesystem protocol (CIFS or SMB). With Samba you can access Unix filesystems from Windows, and vice versa.Our Samba solution consists of two packages:quest-samba - a standalone package containing the Samba server and client tools. This independent, GPL package has a default configuration that interoperates with Quest Authentication Services through Kerberos configuration, keytab and LDAP interfaces.quest-vasidmap - a helper package that provides Samba servers with accurate identity information for unix-enabled Active Directory users. We recommended it be used in all installations, but it is required for servers using Authentication Services' UPM feature (Unix personality management).These package provide Authentication Services customers with single-sign-on, authenticated CIFS service for Unix clients and servers in an Active Directory environment. Our enhancements include:tools default to using single-signon (Kerberos/Active Directory)simplified installation and configuration instructionsa post-install configuration script for quest-vasidmapdPlease see the installation guide for full instructions and troubleshooting.Access this resource now
Samba is a Unix implementation of the Microsoft Windows network filesystem protocol (CIFS or SMB). With Samba you can access Unix filesystems from Windows, and vice versa.
Our Samba solution consists of two packages:
These package provide Authentication Services customers with single-sign-on, authenticated CIFS service for Unix clients and servers in an Active Directory environment. Our enhancements include:
tools default to using single-signon (Kerberos/Active Directory)
simplified installation and configuration instructions
a post-install configuration script for quest-vasidmapd
Please see the installation guide for full instructions and troubleshooting.
These consist of Kerberos-enabled TELNET, FTP, RSH/RCP clients and servers packaged for Authentication Services-enabled platforms. These tools give users the benefits of single sign-on for the more traditional remote access tools.Clients: telnet, ftp, rsh, rcpServers: telnetd, ftpd, rshdResource Central recommends the use of OpenSSH over Kerberized Apps tools where possible. OpenSSH is generally more flexible, better supported, and provides stronger security.This software is substantially based on the apps component of Heimdal Kerberos.Access this resource now
These consist of Kerberos-enabled TELNET, FTP, RSH/RCP clients and servers packaged for Authentication Services-enabled platforms. These tools give users the benefits of single sign-on for the more traditional remote access tools.
Clients: telnet, ftp, rsh, rcp
Servers: telnetd, ftpd, rshd
Resource Central recommends the use of OpenSSH over Kerberized Apps tools where possible. OpenSSH is generally more flexible, better supported, and provides stronger security.
This software is substantially based on the apps component of Heimdal Kerberos.
Sudo is a tool that allows commands to be run as root or other users, with command logging and fine-grained access controls.Quest Sudo adds two features to the standard Sudo application: Active Directory group matching for access controls, and newgrp-style group changing.Active Directory group matchingQuest Sudo can use Authentication Services to make access control decisions based on Active Directory group memberships – even for groups that are not Unix-enabled.newgrp-style group changingQuest Sudo adds the ability for users to change their primary group to any group permitted by the system administrator. This provides a more secure mechanism than newgrp by avoiding the need for shared passwords.Access this resource now
Sudo is a tool that allows commands to be run as root or other users, with command logging and fine-grained access controls.
Quest Sudo adds two features to the standard Sudo application: Active Directory group matching for access controls, and newgrp-style group changing.
Active Directory group matching
Quest Sudo can use Authentication Services to make access control decisions based on Active Directory group memberships – even for groups that are not Unix-enabled.
newgrp-style group changing
Quest Sudo adds the ability for users to change their primary group to any group permitted by the system administrator. This provides a more secure mechanism than newgrp by avoiding the need for shared passwords.
db2_sys-auth is a security plugin for DB2 UDB 8.2 that authenticates users using PAM or AIX's LAM. With VAS, this plugin allows unix-enabled Active Directory users to use your databases.The plugin uses getgrent calls to determine group membership (getgrset on AIX), getpwnam to validate user names, and LAM/PAM to authenticate. This means DB2 can now make use of any authentication system that provides an NSS interface for information (administrative domains on AIX), and LAM/PAM for authentication. This includes VAS, LDAP, NIS and other third-party external systems.This plugin is suitable for DB2 UDB 8.2/9.1 Server, Client, and Groups products.Access this resource now
db2_sys-auth is a security plugin for DB2 UDB 8.2 that authenticates users using PAM or AIX's LAM. With VAS, this plugin allows unix-enabled Active Directory users to use your databases.
The plugin uses getgrent calls to determine group membership (getgrset on AIX), getpwnam to validate user names, and LAM/PAM to authenticate. This means DB2 can now make use of any authentication system that provides an NSS interface for information (administrative domains on AIX), and LAM/PAM for authentication. This includes VAS, LDAP, NIS and other third-party external systems.
This plugin is suitable for DB2 UDB 8.2/9.1 Server, Client, and Groups products.
