[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: How to Confuse SSO

To: <codywang@clunet.edu>
Subject: Re: How to Confuse SSO
From: "Alan Sparks" <asparks@doublesparks.net>
Date: Wed, 25 Jun 2003 12:01:23 -0600 (MDT)
Cc: <openldap-software@OpenLDAP.org>
Importance: Normal
In-reply-to: <00ec01c33b40$601fac20$88c46bc7@clunet.2k>
References: <00ec01c33b40$601fac20$88c46bc7@clunet.2k>

You can install the pam_ldap and nss_ldap RPMs to implement a unified
single password scheme.  If you want to log into one machine and expect to
reconnect without retyping passwords, you'll probably need Kerberos.  If
you simply want a single username/password across a group of machines,
pam_ldap/nss_ldap and OpenLDAP is good enough.

SSL/TLS is not strictly necessary, but you quite well may want it to
protect client to directory communication during password checks.

-Alan

cody wang said:
> Hi
>
> I want to set-up Single Sign On (SSO) solution on Redaht Linux. However,
> I have read many web site reference that use different application so I
> am confused which on can be used for SSO?
>
> Do I need configure all of them? Do I really need Kerberos 5? Do I still
> miss something? Is TLS/SSL nessary for SSO?
>
> Kerberos 5/Cyrus-sasl/Open LDAP/Berkeley DB/pam_ldap/nss_ldap
>
>
> Thanks
> Cody


===========
Alan Sparks, UNIX/Linux Systems Administrator    <asparks@doublesparks.net>

References:
- How to Confuse SSO
  - From: "cody wang" <codywang@clunet.edu>

Prev by Date: RE: Fwd: [Fwd: JDBC-LDAP bridge driver error]
Next by Date: slapd.pid file misses ?
Index(es):
- Chronological
- Thread