Actually after looking more closely at Centrify (thanks everyone!) it appears that one of the functions you get with their Linux/Active Directory integration product is a daemon that can act as a NIS server for "legacy" devices and systems. This means that one can license a few critical cluster nodes and then simply run one or more Centrify NIS daemons on the cluster to feed authentication data from Active Directory through NIS to the cluster nodes. The NIS product also locally caches credentials to avoid hammering the domain controller all the time. I'm betting you lose some of the policy based features you get with a full Centrify deployment but using NIS would allow someone to satisfy the access/authentication requirement without licensing the entire cluster. There is one lurker on this list who is already doing this on a test cluster with plans to move it into production shortly. Regards, Chris On Aug 24, 2006, at 2:53 PM, <Daniel.G.Roberts at sanofi-aventis.com> wrote: > Also Vintela VAS should work.. > Anyone have first hand experience with using either centrify or vas > in their cluster for user authentication? > > I gather that you still have to run a lightweight ldap server on > the headnode in order to have the compute nodes authenticate the > user.. > thoguths? > dan