[Date Prev][Date Next] [Chronological] [Thread] [Top]

Security issues when authenticating from multiple sites

To: openldap-technical@openldap.org
Subject: Security issues when authenticating from multiple sites
From: "Einar S. Idsų" <einar.ldap@norsk-esport.no>
Date: Wed, 04 Mar 2009 10:18:28 +0100
Content-disposition: inline

Hello,

We have a number of different community sites that will use a
single central OpenLDAP-server for authentication. We want
each site to provide its users with a logon-box for that site, just
as any forum or portal you can find out there. Each site has its
own admins with full access to everything related to their specific
site. This makes it possible for them to edit their own logon
mechanism to capture passwords for users that log on to their
site. Thus an admin on one site can capture the password of an
admin on another site, which is an obvious security issue.

We can of course redirect logons to a common secure webpage, 
or monitor files in the respective sites' webroot to detect 
modifications to logon procedures, but we'd really prefer a 
cleaner solution if at all possible. Do any mechanisms exist 
to avoid this problem? 

Cheers,
Einar S. Idsø
Norsk eSport DA

Follow-Ups:
- Re: Security issues when authenticating from multiple sites
  - From: Michael Ströder <michael@stroeder.com>

Prev by Date: can't change password with ldappaswd on Solaris 10 SPARC
Next by Date: Openldap, kerberos backend, and SASL
Index(es):
- Chronological
- Thread