Pass-through Authentication


Beginning 1Q 2014, the Lab Services Security Team is proud to provide a new service: Pass-through Authentication (PTA) with Microsoft Active Directory(MSAD) and IBM Security Directory Server(ISDS), formerly known as IBM Tivoli Directory Server(ITDS). For most AIX customers, PTA provides the perfect solution for centralized password and user/group management of AIX
systems.  Using PTA, when AIX systems are configured as LDAP clients pointing to an ITDS LDAP server, ITDS provides the PTA mechansim to redirect authentication requests to a different LDAP server, in this case MSAD. This PTA mechanism allows AIX users to use a single Windows network login password for both their Windows desktops and AIX systems.  In this PTA configuration, ITDS will still be used to manage and store AIX user and group information. By storing user and group information on ISDS, full compatibility with AIX is maintained because ISDS implements the RFC2307AIX LDAP Schema.  Not all LDAP servers, such as MSAD, provide this as a standard implemented schema and can prove to be severly limiting and difficult to use, but these problems are eliminated by storing and managing user and group information on ISDS.

A Picture is Worth a Thousand Words:
pta topology

Key Features:

  • This is the absolute best general solution for AIX password and AIX user and group account managment
  • When a customer has an AIX Software Maintenance Agreement, ISDS support and licensing is free for AIX LDAP servers and AIX LDAP client partitions.
  • For the essentials, see our AIX Identity Management with ITDS – Level 1 service
  • For securing and providing high availability to your ISDS solution, see our Level 2 service


see: Learn more about the Pass-through Authentication service


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: