ABRAuth™

What is ABRAuth™?

An appliance-based single sign-on/centralized authentication system for heterogeneous environments including Linux, Unix, Mac, and more

Available versions:

Freely downloadable Virtual Machines (VMs)

The Details

ABRAuth™ allows you to

• Centrally manage your enterprise environment no matter the type of OS.
• Increase security in your enterprise
• Increase PCI/SOX compliance
• Save money in productivity increases for both your system administrators and end-users

ABRAuth™ simplifies management of your environment by allowing your servers to redirect authentication requests to the appliance. Your appliance administrators configure access to hosts from a central web interface. Based on successful authentication of the user and configured access to the host, the user is authorized. The end-user experience is greatly simplified since they are able to access the entire environment with one identity.

The Technical Specs

The Appliance

All Virtual Machine appliances run the same software. Licensing costs are the same for all.

The appliance runs:

• MIT Kerberos server
• OpenLDAP server
• ABRAuth™ daemon

Configuration of the appliance is made simple by connecting to the appliance on a designated port and walking through the appliance set up steps.

Port requirements:

TCP

• 80, 443 (HTTP, HTTPS)
• 636 (LDAPS)
• 88, 464 (Kerberos)
• 51413 (ABRAuth™)

UDP

• 88, 464 (Kerberos)

The Management GUI

Management of the appliance is simple with the web-based management tool. This tool allows for creation of users, hosts, access-controls, sudo policies, password policies, home directory settings, and more. Click here for an online demonstration of the management GUI.

Your Clients

Your clients connect to the appliance without running a third-party daemon. Configuration files native to your clients are used to securely redirect authentication and authorization to the ABRAuth™ appliance. Example files used for a typical Linux system: PAM ldap.conf nsswitch.conf system-auth krb5.conf Each platform has its own set of configuration requirements. These changes, while possible to be made manually, can easily be made by our freely available client installs.

Your Environment

ABRAuth™ easily drops into your existing environment with the proper infrastructure you likely already have in place. Infrastructure requirements for ABRAuth™ are very simple: DNS ABRAuth™ clients rely on DNS to find the ABRAuth™ appliances through the use of SRV records. Kerberos also heavily relies on DNS. NTP NTP is required to satisfy the Kerberos requirements of closely time-synced clients and servers for authentication.