Single Sign On was (Re: [opensuse] Results of moving ssh to a high port - Zero scriptkiddies in a 24 hour period.)
- From: G T Smith <grahamsmith@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Sat, 29 Nov 2008 13:34:04 +0000
Hans Witvliet wrote:
> On Sat, 2008-11-29 at 10:30 +0000, G T Smith wrote:
> <snip>
>> What I would like to do is fix up some sort of single sign on, so one
>> authentication allows access to networked resources at a network level, but
>> unfortunately for *NIX this would be a major project (and getting this
>> to work with ssh, cups, apache and samba etc could be a major pain). So
>> one has one strong point of entry rather than several points of varying
>> strength.
>
> OTOH, using single-sign-on techniques (distributing trusted keys,
> kerberos etc etc) removes security barriers. Instead of access to a
> specific node, one gets access to all nodes.

The neat concept behind Novell's Directory Service (NDS) was the
integration between rights to access services, resources, or even parts
of the NDS database data or schema to an authenticated object on top of
X500. Authenticated objects can only get access to resources and
services that the administrators of those resources and services have
defined at the level they have defined it. AD does do this but it is
still a very poor cripple in comparison to NDS. (Authenticated objects
are users, groups or services BTW).

Unfortunately, *NIX authentication is more loosely federated, with many
different ways of defining access to different functions and resources,
making such integration rather more complex than is ideal. OpenLDAP and
Kerberos are part there but still seem to be a penny short of a full
shilling last time I looked at them, and the later versions of NISS are
not very impressive either.

> hw
--
==============================================================================
I have always wished that my computer would be as easy to use as my
telephone.
My wish has come true. I no longer know how to use my telephone.
Bjarne Stroustrup
==============================================================================