On July 22, 2011 15:40, Mike <nws6969@xxxxxxxxx> wrote:
I have a setup where I have 6 different servers that are running apache 2. I run a web site that requires users to login and I have to maintain a .htpasswd file on each server that is synced across all the servers every 15 minutes. While this works, it requires the user to login up to 6 different times depending on which server has the data he/she needs. Is there a way that I can configure apache to cross authenticate amongst the various servers so the users only have to login once?
Yes, this is called "web single sign on". Apache HTTP Server does not do single-sign-on out of the box, but here are some examples on how to configure it to do so:
Cosign: http://weblogin.org/
Pubcookie: http://www.pubcookie.org/
CAS: http://www.jasig.org/cas
mod_auth_kerb (based on SPNEGO and Kerberos): http://modauthkerb.sourceforge.net/index.html
Shibboleth (based on SAML): http://shibboleth.net/

Depending on your requirements, OpenID or OAuth2 may also work for you, although their focus is on decentralized identity federation rather than on single-sign-on.
You could also create your own single-sign on implementation by sharing cookies through a central database. However, I don't recommend this since there are many subtle security issues involved, and a mistake could leave all of your web sites insecure.
--
Mark Montague
mark@xxxxxxxxxxx
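
An added example, not part of the original messages or of any project's documentation: a sketch of moving the six servers from per-server .htpasswd checks to CAS using mod_auth_cas, one of the options listed in the reply. The hostname login.example.org, the /members location and the file paths are assumptions.

```apache
# BEFORE (constructed from the question): each of the six servers checks its
# own synced copy of .htpasswd, so the browser is prompted once per hostname.
# <Location "/members">
#     AuthType Basic
#     AuthName "Members"
#     AuthUserFile "/etc/apache2/.htpasswd"
#     Require valid-user
# </Location>

# AFTER: the identical block goes on every server. Passwords are checked only
# by the CAS server; each Apache validates the service ticket CAS hands back,
# so no password file has to be copied between servers.
LoadModule auth_cas_module modules/mod_auth_cas.so

# Placeholder CAS endpoints (login.example.org is an assumption).
CASLoginURL    https://login.example.org/cas/login
CASValidateURL https://login.example.org/cas/serviceValidate

# Local ticket/session cache; keep it writable by the Apache user only.
CASCookiePath  /var/cache/apache2/mod_auth_cas/

# CA certificates used to verify the CAS server's TLS certificate when the
# module calls CASValidateURL (assumed path).
CASCertificatePath /etc/ssl/certs/

<Location "/members">
    AuthType CAS
    Require valid-user
</Location>
```

With this layout the user enters the password once, at the CAS login page; a later request to another of the servers is redirected to CAS, which recognises its own session cookie and returns a ticket without prompting again.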