[unisog] Centralized auth for web servers

Frank Sweetser fs at WPI.EDU
Mon Jul 24 20:06:24 GMT 2006

On Mon, Jul 24, 2006 at 02:39:45PM -0500, James J. Barlow wrote:
> Was wondering if anyone else has any experience in a centralized web
> authentication application?  We seem to have more and more servers 
> being set up at our site that accept kerberos passwords (which authenticate
> against our centralized kerberos servers), and it's making me a bit
> nervous.  I'm worried about one of those servers getting compromised
> and then a miscreant could snag lots of peoples kerberos passwords.
> I'd like a solution where the different web servers could use one server
> for authentication (which would then be centrally managed), and then
> use that authenticaton token/cookie, or whatever, for access to their pages.

Pubcookie does exactly that.  We're using it here, and are pretty happy with
it.  It's got plugins for apache and IIS.


Frank Sweetser fs at wpi.edu  |  For every problem, there is a solution that
WPI Network Engineer          |  is simple, elegant, and wrong. - HL Mencken
    GPG fingerprint = 6174 1257 129E 0D21 D8D4  E8A3 8E39 29E3 E2E8 8CEC

More information about the unisog mailing list