RE: One-Time authentication for multiple servers

Hi Michelle,

There are systems that allow you to authenticate a user, set a cryptographic session cookie on the client browser and subsequently use that token to authenticate the client sending the HTTP request. These systems also allow you to define access control rules that depend on the user profile, insert HTTP headers into an authenticated request forwarded to the application backend etc.

They generally consist of an Apache module for collecting credentials, setting the authentication ticket and enforcing the security policies, and some kind of centralised AAA server for taking access control decisions. Various authentication schemes are provided out of the box, including plain password, challenge-response, X.509, SAML...

Sun and CA both offer such systems. I am sure there are others around.

There are several open implementations of SSO that can be used with Apache. I have not used any of them. Here's a link listing at least some of them: http://www.cesnet.cz/doc/techzpravy/2006/web-sso/

You may also be interested in https://opensso.dev.java.net/public/use/docs/pdf/index.html

-ascs
 
-----Original Message-----
From: Michelle Konzack [mailto:linux4michelle@xxxxxxxxxx]
Sent: Tuesday, 25 September 2007 14:19
To: apache en
Subject: One-Time authentication for multiple servers

Hello,

I have a couple of servers (currently 42 Web-Servers and a redundant PostgreSQL for AUTH) and I am trying to get a One-Time authentication running.

Exactly:

It should not matter on which Web-Server the $USER authenticates and if she/he changes the website dynamically...  The AUTH should be done on the PostgreSQL and then the Web-Server should ask the PostgreSQL whether the AUTH is valid or not.

I need a variable timeout (per $USER) and it should be refreshed each time the user clicks a link or such...  After the timeout, the $USER needs to re-authenticate again on one of the Web-Servers.

In general, I prefer to use PAM auth because the infrastructure is there and easier on Debian-Systems.

Can anyone tell me how to do this?

Note:  I will have over 700.000 $USER if the whole thing is running and 
       we will use at least 200 Web-Servers and 8 PostgreSQL world wide.

Thanks, Greetings and nice Day
    Michelle Konzack
    Systemadministrator
    Tamay Dogan Network
    Debian GNU/Linux Consultant


--
Linux-User #280138 with the Linux Counter, http://counter.li.org/
##################### Debian GNU/Linux Consultant #####################
Michelle Konzack   Apt. 917                  ICQ #328449886
                   50, rue de Soultz         MSN LinuxMichi
0033/6/61925193    67100 Strasbourg/France   IRC #Debian (irc.icq.com)

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
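
Added example, not part of either message and not the ticket format of any product named in the thread: a minimal sketch of the "cryptographic session cookie" idea from the reply, combined with the per-user sliding timeout asked for in the question. It assumes every web server holds the same secret key; the key value, field layout and function names are hypothetical.

```python
import base64
import hashlib
import hmac
import time

# Assumption: one secret distributed to every web server (constructed sample value).
SHARED_KEY = b"constructed-demo-key-not-for-real-use"


def _sign(payload):
    """HMAC-SHA256 over the raw payload, hex encoded."""
    return hmac.new(SHARED_KEY, payload, hashlib.sha256).hexdigest()


def issue_ticket(user, timeout_s, now=None):
    """Cookie value: base64(user|timeout|last_seen) + '.' + HMAC of the payload."""
    now = int(time.time() if now is None else now)
    payload = f"{user}|{timeout_s}|{now}".encode()
    return base64.urlsafe_b64encode(payload).decode() + "." + _sign(payload)


def verify_and_refresh(ticket, now=None):
    """Return (user, fresh_ticket), or None if forged, malformed or idle too long.

    Any server holding SHARED_KEY can run this check without a database round
    trip; the fresh ticket restarts the idle timer (sliding timeout).
    """
    now = int(time.time() if now is None else now)
    try:
        b64, mac = ticket.split(".")
        payload = base64.urlsafe_b64decode(b64.encode())
        # Constant-time comparison, done before any field is trusted.
        if not hmac.compare_digest(mac, _sign(payload)):
            return None
        # rsplit keeps a '|' inside the user name intact.
        user, timeout_s, last_seen = payload.decode().rsplit("|", 2)
        timeout_s, last_seen = int(timeout_s), int(last_seen)
    except (ValueError, TypeError, UnicodeDecodeError):
        return None
    # Reject tickets idle past the per-user timeout or dated in the future.
    if not 0 <= now - last_seen <= timeout_s:
        return None
    return user, issue_ticket(user, timeout_s, now)
```

A purely stateless ticket like this cannot be revoked before it expires, so logout or account lockout still needs a lookup against the central store or a short absolute lifetime.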


