[unisog] Centralized auth for web servers

Christopher E. Cramer chris.cramer at duke.edu
Mon Jul 24 20:07:30 GMT 2006


Duke's using it's own system: WebAuth (http://webauth.duke.edu), but we've 
about to start piloting Yale's CAS (http://www.ja-sig.org/products/cas/)

-chris

--
Christopher E. Cramer, Ph.D.
University Information Technology Security Officer
Duke University,  Office of Information Technology
334 Blackwell St., Suite 2106, Durham, NC 27701
PH: 919-660-7003  FAX: 919-668-2953  CELL: 919-210-0528


On Mon, 24 Jul 2006, James J. Barlow wrote:

> Was wondering if anyone else has any experience in a centralized web
> authentication application?  We seem to have more and more servers
> being set up at our site that accept kerberos passwords (which authenticate
> against our centralized kerberos servers), and it's making me a bit
> nervous.  I'm worried about one of those servers getting compromised
> and then a miscreant could snag lots of peoples kerberos passwords.
> I'd like a solution where the different web servers could use one server
> for authentication (which would then be centrally managed), and then
> use that authenticaton token/cookie, or whatever, for access to their pages.
>
> We have looked at Bluestem (https://www-s.uiuc.edu/bluestem/notes/overview.html)
> and was wondering what other sites may be using.  TIA.
>
>
> -- 
> James J. Barlow   <jbarlow at ncsa.uiuc.edu>
> Head of Security Operations and Incident Response
> National Center for Supercomputing Applications    Voice : (217)244-6403
> 1205 West Clark Street, Urbana, IL  61801           Cell : (217)840-0601
> http://www.ncsa.uiuc.edu/~jbarlow                    Fax : (217)244-1987
> _______________________________________________
> unisog mailing list
> unisog at lists.sans.org
> http://www.dshield.org/mailman/listinfo/unisog
>


More information about the unisog mailing list