Single-signon (Subversion, Apache etc)

Edward Ned Harvey blu-Z8efaSeK1ezqlBn2x/YWAg at public.gmane.org
Tue Feb 9 23:02:20 EST 2010


> I'm in the middle of rolling out an OpenLDAP server to act as the
> heart of my 'single sign-on' infrastructure in an intranet environment

Correct me if I'm wrong, but SSO normally refers to Kerberos and/or AD,
right?  Sign on once, and then all your authentication requests to the
fileserver, webserver, etc, are all automatic, without even prompting.  I
know I've seen that in an all-MS environment...

Can this be done with LDAP?  My understanding of LDAP is that you can have
centralized password management, but it's not SSO.  Meaning ... Although you
have a single password that works on all your file servers, webpages, etc
... You still have to get the logon prompt and type in your password, at
least once and then you can save your pass in your client.  The risk is how
securely the pass is saved.

One of the advantages of Kerberos/AD SSO, besides the awesome speed of
instant authentication, is the fact that your password is never saved
anywhere, encrypted or otherwise.
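
An added example, not part of the original message: an Apache 2.2 configuration sketch contrasting the two models discussed above for a Subversion location, LDAP-backed Basic authentication next to Kerberos Negotiate authentication. It assumes mod_authnz_ldap and the third-party mod_auth_kerb module are loaded; every host name, realm, DN and path is a constructed placeholder.

```apache
# --- Model 1: central password store (LDAP), no single sign-on ---
# The client is prompted, then sends the password in an Authorization: Basic
# header on every request. Apache checks it by binding to the directory.
<Location /svn>
    DAV svn
    SVNParentPath /srv/svn                      # placeholder path
    AuthType Basic
    AuthName "Intranet"
    AuthBasicProvider ldap
    # ldaps:// so the bind password is not sent to the directory in cleartext.
    # Host and base DN are placeholders.
    AuthLDAPURL "ldaps://ldap.example.internal/ou=People,dc=example,dc=internal?uid?sub"
    Require valid-user
    # Basic credentials are only base64-encoded, so serve this over HTTPS only.
    SSLRequireSSL
</Location>

# --- Model 2: Kerberos (SPNEGO/Negotiate), single sign-on ---
# A client that already holds a ticket-granting ticket from the KDC obtains a
# service ticket for HTTP/<server>@REALM and presents it. No prompt, and the
# password itself never reaches the web server.
<Location /svn-sso>
    DAV svn
    SVNParentPath /srv/svn                      # placeholder path
    AuthType Kerberos
    AuthName "Intranet"
    KrbMethodNegotiate On
    # Off: do not fall back to asking for the password over Basic auth,
    # which would reintroduce Model 1's exposure.
    KrbMethodK5Passwd Off
    KrbAuthRealms EXAMPLE.INTERNAL              # placeholder realm
    KrbServiceName HTTP
    # Keytab holding the HTTP/<server> service key. Placeholder path;
    # readable by the Apache user only.
    Krb5KeyTab /etc/apache2/http.keytab
    Require valid-user
</Location>
```

In the second model the secrets worth protecting move to the server's keytab and the client's ticket cache, so file permissions on the keytab and ticket lifetimes are the settings to review.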