If you’ve ever used SUSE Linux Enterprise Desktop (SLED), you know that you must authenticate to the workstation before you are presented with a desktop environment. This is similar to how Windows NT, 2000, and 2003 behave (or should that be vice versa?). This login prompt can be configured to authenticate against a local /etc/passwd and user list, NIS, LDAP (OpenLDAP, eDirectory, etc.), Kerberos (Active Directory) or Windows Domains (Samba).

It’s also possible to authenticate against one source (say, the local /etc/passwd security) and still require authentication to an external resource that relies on, say, Windows Domain authentication. While the IT staff probably has little problem understanding “why this is necessary”, there are some users who will only be familiar with a “single sign-on” experience, similar to what they would have with a Windows desktop. In other words, they want to be prompted to log in to the workstation only once, and then not have to authenticate again to get access to the network.

Here’s a recent AppNote by Shannon VanWagner that explains how to Configure SLED 10 Single Sign-On with LDAP / Kerberos Authentication to Active Directory on Windows Server 2003 R2 with UID/GID Mapping via LDAP.

I had also posted links to a similar AppNote by Sam Ludington that explains how to do it with eDirectory and the Novell Client for Linux instead of AD: Setting up LUM and Novell Client Single Sign-On for SLED 10.