Central authentication server

Hi guys

At our firm we run Windows and Linux servers. Currently all servers use the same usernames and passwords, and in my opinion this is a bad and insecure practice.

I was looking at some documentation and I think the best solution is to use Samba/LDAP/Kerberos to act as a domain controller. I know Windows has Active Directory, but my primary target is Linux.

Also, I have never implemented this kind of enterprise system, so my questions are:

  1. Can I get a login-once infrastructure (log in just once and get access to all corporate services)?
  2. Can LDAP users log in to Windows and Linux? What about RDBMSs (we have all the major names on the market)?
  3. Is it possible to build a web interface for adding/removing users and groups from LDAP?

I really don't know anything about the systems mentioned, so I'm asking a lot of questions.

Login once and get to all hosts... sure. Let's say you have a Windows domain: you log in to the Windows domain from your Windows client, it loads your SSH key off a secure area only you have access to, and then you can PuTTY into the Linux hosts without typing a password... that's just one solution.

Single source of auth (a step down from SSO above) is possible as well... that is, you have to use your Windows username and password to log into the clients/servers regardless of whether they are Linux or Windows. Samba 3 supports this using winbind, but there are LDAP and AD ways to do this as well. But winbind is your friend IMHO.

Ah... finally, with regards to a web interface for manipulating Windows AD... this is harder than it seems. LDAP is easy to manipulate, but passwords (which aren't LDAP) are a bit more difficult. Most people on a Windows network use Exchange for their email, so they just use OWA, which allows you to change your password. With that said, I don't use Exchange here... it's an issue on our plate currently.

Take a look at Red Hat Identity Management. It does most of what you need and has a web interface that both admins and users can use. It can work with AD, also. I got Solaris 10 to use it for authentication. It does services, automount, pretty much the full gamut, and it is well documented.

We don't use Red Hat Linux but CentOS. I have OwnCloud, Tiki, some build servers (TeamCity), and I will build some kind of internal service for tracking the licences we give to our programmers. Most of the technology is open source, so I don't want to buy any kind of licence if I can use Kerberos/LDAP/Samba to get what I need.

I just don't understand how I can forward credentials to other services.

Then look at 389 directory server.

Have a look at sssd which is a systems and security services daemon. That is the "modern" way of doing user authentication in the Linux world.

My advice to you is avoid Samba if you can.
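The sssd setup suggested above, as an added example that is not from any poster in this thread: identity (users and groups) is looked up in LDAP while authentication is handed to Kerberos, so the directory never sees user passwords. The host names, realm, base DN and group name are placeholders.

```ini
# /etc/sssd/sssd.conf (added example; host names, realm and base DN are placeholders)
# The file must be owned by root with mode 0600 or sssd refuses to start.
[sssd]
services = nss, pam
domains = corp

[domain/corp]
# Identity from LDAP, authentication and password changes via Kerberos.
id_provider = ldap
auth_provider = krb5
chpass_provider = krb5

# Weak setting: plaintext ldap:// with certificate checking disabled exposes
# directory traffic and lets an impostor directory answer lookups.
#ldap_uri = ldap://ldap.example.internal
#ldap_tls_reqcert = never
# Corrected: ldaps:// with a CA bundle the server certificate must chain to.
ldap_uri = ldaps://ldap.example.internal
ldap_tls_reqcert = demand
ldap_tls_cacert = /etc/pki/tls/certs/ca-bundle.crt
ldap_search_base = dc=example,dc=internal

krb5_realm = EXAMPLE.INTERNAL
krb5_server = kdc.example.internal
# Verify the KDC's reply against this host's keytab so a spoofed KDC
# cannot grant a login.
krb5_validate = true

# Only members of one directory group may log in to this host.
access_provider = ldap
ldap_access_filter = memberOf=cn=linux-admins,ou=groups,dc=example,dc=internal

# Keep hashed credentials so logins still work when the network is down.
cache_credentials = true
```

On CentOS, `authconfig --enablesssd --enablesssdauth --update` points nsswitch.conf and the PAM stack at sssd once this file is in place.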