Boston Linux & Unix (BLU) Home | Calendar | Mail Lists | List Archives | Desktop SIG | Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings
Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU

BLU Discuss list archive


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Single-signon (Subversion, Apache etc)



> I'm in the middle of rolling out an OpenLDAP server to act as the
> heart of my 'single sign-on' infrastructure in an intranet environment

Correct me if I'm wrong, but SSO normally refers to Kerberos and/or AD,
right?  Sign on once, and then all your authentication requests to the
fileserver, webserver, etc, are all automatic, without even prompting.  I
know I've seen that in an all-MS environment...

Can this be done with LDAP?  My understanding of LDAP is that you can have a
centralized password management, but it's not SSO.  Meaning ... Although you
have a single password that works on all your file servers, webpages, etc
... You still have to get the logon prompt and type in your password, at
least once and then you can save your pass in your client.  The risk is how
securely the pass is saved.

One of the advantages of Kerberos/AD SSO, besides the awesome speed of
instant authentication, is the fact that your password is never saved
anywhere, encrypted or otherwise.







BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!



Boston Linux & Unix / webmaster@blu.org