Clarification on Centrify
By Mark Wilcox - CTO - Oracle Consulting Security-Oracle on May 07, 2008
One benefit of blogs is that you can get educated fast by your own mis-informed comments :).
Since I linked to Jackson Shaw's post, I wanted to share a quick clarification I got from a friend I have who turns out to work for Centrify and reads my blog.
"Centrify does not require any schema extensions on AD in order to integrate a non-Windows system into AD, see our FAQ http://www.centrify.com/directcontrol/faq.asp#schemaextensions.
DirectControl was designed to integrate seamlessly into Unix by
supporting the established UNIX standards you mention (�PAM, NSS and
SUDO�), as well as standards such as Kerberos and RFC 2307 assuming a
customer is using Windows 2003 R2 or installs the Microsoft R2 schema
(customers will trust Microsoft and install their schema, just not any
3rd party schema extensions). However, DirectControl can install and
operate perfectly even without schema modifications of any kind."
So to clarify all of the products in this space that I am aware of (OAS4OS, Vintella and Centrify) don't require schema extensions to AD.
Thus we'll all have to come up with different FUD to throw at each other :).