> I'm in the middle of rolling out an OpenLDAP server to act as the
> heart of my 'single sign-on' infrastructure in an intranet environment

Correct me if I'm wrong, but SSO normally refers to Kerberos and/or AD, right? Sign on once, and then all your authentication requests to the fileserver, webserver, etc, are all automatic, without even prompting. I know I've seen that in an all-MS environment... Can this be done with LDAP?

My understanding of LDAP is that you can have a centralized password management, but it's not SSO. Meaning ... Although you have a single password that works on all your file servers, webpages, etc ... You still have to get the logon prompt and type in your password, at least once and then you can save your pass in your client. The risk is how securely the pass is saved.

One of the advantages of Kerberos/AD SSO, besides the awesome speed of instant authentication, is the fact that your password is never saved anywhere, encrypted or otherwise.