Centrify DirectControl, a product from a two-year-old startup based in Mountain View, CA, offers perhaps the most compelling and comprehensive solution for Active Directory integration, at a price of about $50 per client and $300 per server, which is competitive with Vintela's licensing costs. Centrify also has the benefit of running on just about every UNIX version and Linux distribution, as well as on Mac OS X.

Like Vintela, Centrify works almost completely at the client level. However, there are some key differences. For starters, Centrify doesn't use a NIS/NSS bridge service to communicate with AD Domain Controllers; instead, they implemented their own modified version of the MIT Kerberos PAM stack to natively communicate with Windows 200x's Kerberos. And, in lieu of schema extensions, Centrify opted to store the UID and GUID mappings in an object class container within Active Directory. What's the difference? Well, just as the new OUs and User objects are normally stored within AD, Centrify uses non-proprietary text information stored in pre-existing object classes within AD to store extended Linux and UNIX user data. These objects can be easily removed from Active Directory, and their locations can be defined and moved by the network administrator.

Another unique benefit of Centrify is that — unlike the three other approaches listed above — the DirectControl client is tightly integrated with Windows 2000's password enforcement policy management. So, for example, if your user accounts are set to expire their passwords every 90 days, Centrify will put up a GUI or console-based dialog to prompt the user to change his password.

There are also no tricky synchronization issues or political infighting involved to bring Centrify into your shop. The process of installing Centrify on a Linux client and connecting to an Active Directory is totally painless: install one RPM, issue a single "net join" command, supply your administrator credentials, and presto, your Linux box is joined to the network just as a Windows workstation is. And guess what – if you've already brought SFU into your shop, Centrify supports the SFU extensions, so there is no downside to bringing the software into your environment after the fact.

To administer the extended UNIX user data, Centrify provides a Windows-based GUI application that can be run from any Windows-based workstation. Absolutely nothing is installed on the server. Using the GUI, you can enforce granular Windows 2000 Group Policy controls by department, geography, function, system type, or any means you wish. You can also grant administrators granular levels of privileges to fine-tune their actual effective rights on the network.

