Favoured: 0
|
|
TOPIC: Re:LDAP connector for single sign-on
|
May 15, 2008 7:37 pm
2 posts
Fresh Boarder
|
|
|
Karma: 0
|
|
I would also like to see a single sign-on implementation, but was thinking more in the lines of:
1. Implementing Kerberos for authentication. Most efficiently by delivering a PAM module for Tempo.
2. Implementing SPNEGO for dealing with negotiation. Both Firefox and Internet Explorer support this mechanism.
3. Using the existing LDAP implementation purely for the authorisation partition of Tempo, where administration of authorisation is delegated to the LDAP server. The Tempo service/daemon should of course be configured to run using an account that has read access on the LDAP server. Credentials in configuration files is bad practice imho.
|
|
|
|
|
|
|
The administrator has disabled public write access. |
|
| |
|
 |
|
kclukey
|
2007/06/27 15:56
|
| |
|
|
|
Antoine
|
2007/06/27 16:27
|
| |
|
|
|
arnaud
|
2007/06/27 18:12
|
| |
|
|
|
edwin.van.der.thiel
|
2008/05/15 19:37
|
|
Post Reply
