Privileged Access Suite for Unix solves the inherent security and administration issues of Unix-based systems (including Linux® and Mac OS X®) while making it easier to satisfy compliance requirements. It unifies and consolidates identities, assigns individual accountability and enables centralized reporting for user and administrator access to Unix. The Privileged Access Suite for Unix is a one-stop shop for Unix security that combines an Active Directory bridge and root delegation solutions under a unified console that grants organizations centralized visibility and streamlined administration of identities and access rights across their entire Unix environment.
Achieve unified access control, authentication, authorization and identity administration for Unix, Linux®, and Mac OS X® systems by extending them into Active Directory (AD) and taking advantage of AD’s inherent benefits. Patented technology allows non-Windows® resources to become part of the AD trusted realm, and extends AD’s security, compliance and Kerberos-based authentication capabilities to Unix, Linux®, and Mac OS X®. (See https://www.quest.com/products/authentication-services/ for more information about the Active Directory Bridge product.)
The Privileged Access Suite for Unix offers two different approaches to delegating the Unix root account. The suite either enhances or replaces sudo, depending on your needs.
By choosing to enhance sudo, you will keep everything you know and love about sudo while enhancing it with features like a central sudo policy server, centralized keystroke logs, a sudo event log, and compliance reports for who can do what with sudo.
(See https://www.quest.com/products/privilege-manager-for-sudo/ for more information about enhancing sudo.)
By choosing to replace sudo, you will still be able to delegate the Unix root privilege based on centralized policy reporting on access rights, but with more granular permissions and the ability to log keystrokes on all activities from the time a user logs in, not just the commands that are prefixed with "sudo". In addition, this option implements several additional security features like restricted shells, remote host command execution, and hardened binaries that remove the ability to escape out of commands and gain undetected elevated access.
(See https://www.quest.com/products/privilege-manager-for-unix/ for more information about replacing sudo.)
Privileged Access Suite for Unix offers two editions: Standard edition and Advanced edition. Both editions include Management Console for Unix®, a common management console that provides a consolidated view and centralized point of management for local Unix users and groups, and Authentication Services, patented technology that enables organizations to extend the security and compliance of Active Directory to Unix, Linux®, and Mac OS X® platforms and enterprise applications. In addition
Quest recommends that you follow these steps:
Deploy client software to remote hosts.
Depending on which Privileged Access Suite for Unix edition you have purchased, deploy either:
Privilege Manager for Unix® software (that is, Privilege Manager Agent packages)
The Authentication Services Mac OS X® Administrator Guide describes the port of the Authentication Services for Mac OS X® product to the Mac OS X® platform. Authentication Services for Mac OS X® brings the enterprise functionality Authentication Services supplies on every other major Unix platform to Mac OS X®.
Authentication Services supports both Mac OS X® and Mac OS X® Server versions 10.5 - 10.7. Authentication Services recommends that you install all the latest Apple system updates before installing Authentication Services.
In this guide you will find step-by-step instructions on installing, configuring, and uninstalling Authentication Services along with a detailed explanation of the Authentication Services components for Mac OS X®.
In addition, the "Group Policy for Mac OS X®" section documents each policy supported for this version of Authentication Services for Mac OS X®.
This guide is not comprehensive and only describes those Authentication Services features specific to Mac OS X®. Refer to the Authentication Services Administrator Guide, located in the docs directory of the installation media for complete documentation on all other Authentication Services features.
Note: The term "Unix" is used informally throughout the Authentication Services documentation to denote any operating system that closely resembles the trademarked system, UNIX®.
This section includes instructions for installing and configuring the Authentication Services agent on Mac OS X®.
Authentication Services software is provided in a standard disk image located in the Mac OS X® subdirectory on the Authentication Services installation disk. You can install the Authentication Services agent software through the graphical user interface or from the command line, which is more common in a mass deployment scenario.