
Re: SSO possible with web apps?




You might consider Kerberos - SASL - on the OpenLDAP authentication.

Then - using the same Kerberos keys - a Kerberos-enabled browser (I believe
Netscape can be Kerberos enabled) - would be able to authenticate web pages to
the Kerberos server.


I don't know how well this works in practice - or for your environment - but it
is the path my previous employer was following - and that I am planning on
heading down.

-john






Milan Andric <mandric@EECS.Berkeley.EDU> on 04/30/2003 12:39:28 PM




To:   Bob Boyken <bob@boyken.org>
cc:   openldap-software@OpenLDAP.org (bcc: John J. der Schalla
      Marquart/Planalytics)

Subject:  Re: SSO possible with web apps?





Bob,

In HTTP authentication there is something called realms that helps with
this problem. I don't know how it applies to various applications though,
and it is probably independent of OpenLDAP?

Milan

On Tue, 29 Apr 2003, Bob Boyken wrote:

> Date: Tue, 29 Apr 2003 11:47:45 -0500
> From: Bob Boyken <bob@boyken.org>
> To: openldap-software@OpenLDAP.org
> Subject: SSO possible with web apps?
>
> Forgive me if this has been previously addressed.  I am new to this list and
> fairly new to OpenLDAP.
>
> Here is my situation.  In our company, we have multiple open source web
> applications that we use.  Some are web apps that are under active development
> by others (like Metadot and Mantis), and some we have developed in-house in PHP
> or Perl.  Each is capable of using an LDAP server for authentication.  The web
> apps are running on 3 different Apache servers.  We're not running any J2EE or
> anything like that.  Just simple mod_perl and mod_php apps.
>
> However, each user has to retype his user_id and password for each
> application.  My boss would like to have things set up in such a way that when a
> user logs into one application and is authenticated against the common LDAP
> server, they won't need to retype their user_id and password for any of the
> other applications.
>
> My statement to him was: I DON'T KNOW HOW TO DO THAT.  My question to you: Is
> this even possible?
>
> --
> Bob Boyken
> bob@boyken.org
> http://www.boyken.org
>