[unisog] Centralized auth for web servers
fs at WPI.EDU
Mon Jul 24 20:06:24 GMT 2006
On Mon, Jul 24, 2006 at 02:39:45PM -0500, James J. Barlow wrote:
> Was wondering if anyone else has any experience in a centralized web
> authentication application? We seem to have more and more servers
> being set up at our site that accept kerberos passwords (which authenticate
> against our centralized kerberos servers), and it's making me a bit
> nervous. I'm worried about one of those servers getting compromised
> and then a miscreant could snag lots of peoples kerberos passwords.
> I'd like a solution where the different web servers could use one server
> for authentication (which would then be centrally managed), and then
> use that authenticaton token/cookie, or whatever, for access to their pages.
Pubcookie does exactly that. We're using it here, and are pretty happy with
it. It's got plugins for apache and IIS.
Frank Sweetser fs at wpi.edu | For every problem, there is a solution that
WPI Network Engineer | is simple, elegant, and wrong. - HL Mencken
GPG fingerprint = 6174 1257 129E 0D21 D8D4 E8A3 8E39 29E3 E2E8 8CEC
More information about the unisog