Re: are you using Fedora in a production environment?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, Oct 30, 2006 at 12:09:41PM +0200, Avi Kivity wrote:
> 
> I looked at openldap, but it had separate schemas for cifs and unix.

An LDAP entry can have several objectClass-es.
The samba and unix schemas are different but use the same attribute
for the user's password so you'll only have one password for both
methods.

Note that LDAP will only solve part of the problem. It allows you to
centralize user information but your users will still need to enter
their passwords as often as before. You'll need Kerberos to have SSO.

> Can you describe your solution?  Does it work for the other services?

I work mostly on web-apps so I can only comment on WebSSO solutions.

Lemonldap[1] is usable (but a pain in the a$$ to get working).
I'm looking at Vulture[2] these days which seems to have more readable code.

Both of these work the same way, using Apache as a reverse proxy between
the user and the web-apps.

- User tries to load an app in his browser
- Lemonldap or Vulture catch his request and redirect him to an
  authentification page
- User enters a username and a password. These are checked against an LDAP
  database.
- Lemonldap or Vulture then add an Authorization header to the HTTP request
  and send it on its way.
- User no longer needs to authentify himself for any of the web-apps.

This requires that the web-apps be modified to use the Authorization header
to identify the user. These changes range from 'trivial' to 'impossible',
depending on the apps themselves.

[1] http://lemonldap.sourceforge.net/
[2] http://vulture.open-source.fr/wiki/

Emmanuel

-- 
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux