[unisog] Centralized auth for web servers

Frank Sweetser fs at WPI.EDU
Mon Jul 24 20:06:24 GMT 2006


On Mon, Jul 24, 2006 at 02:39:45PM -0500, James J. Barlow wrote:
> Was wondering if anyone else has any experience in a centralized web
> authentication application?  We seem to have more and more servers 
> being set up at our site that accept kerberos passwords (which authenticate
> against our centralized kerberos servers), and it's making me a bit
> nervous.  I'm worried about one of those servers getting compromised
> and then a miscreant could snag lots of peoples kerberos passwords.
> I'd like a solution where the different web servers could use one server
> for authentication (which would then be centrally managed), and then
> use that authenticaton token/cookie, or whatever, for access to their pages.

Pubcookie does exactly that.  We're using it here, and are pretty happy with
it.  It's got plugins for apache and IIS.

http://pubcookie.org/

-- 
Frank Sweetser fs at wpi.edu  |  For every problem, there is a solution that
WPI Network Engineer          |  is simple, elegant, and wrong. - HL Mencken
    GPG fingerprint = 6174 1257 129E 0D21 D8D4  E8A3 8E39 29E3 E2E8 8CEC


More information about the unisog mailing list