Mailinglist Archive: opensuse (933 mails)
| < Previous | Next > |
Re: [opensuse] Using google for authentication?
- From: Adam Tauno Williams <awilliam@xxxxxxxxxxxxx>
- Date: Mon, 14 Jun 2010 08:01:15 -0400
- Message-id: <1276516875.21809.4.camel@xxxxxxxxxxxxxxx>
On Mon, 2010-06-14 at 12:10 +0200, Verner Kjærsgaard wrote:
Possible, sure; aside from being a horrible idea. [Authentication fails
if the Internet connection is down, or if the provider changes their
API, hostname, etc...]
Yes
Hard part, for either, is you would need to dynamically allocate UID/GID
upon successful authentication [much like Samba's winbind can do for AD
domain authentication]. And you'd need to keep an idmap to remember the
token:UID pair so the user got the same one next time.
Should be trivial for authentication services, like Cyrus IMAPd or web
applications (perhaps using saslauthd) that don't require a 'system
account'. Otherwise you have to dynamically generate the system account
- which also shouldn't be too hard, but with significant downsides.
Since at least OpenID could potentially have a local provider that
seems, at least to me, kind of an interesting solution.
--
Adam Tauno Williams <awilliam@xxxxxxxxxxxxx> LPIC-1, Novell CLA
<http://www.whitemiceconsulting.com>
OpenGroupware, Cyrus IMAPd, Postfix, OpenLDAP, Samba
--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse+help@xxxxxxxxxxxx
Hi list,
- just an idea...would it be possible (has anyone done it) to use your
google login to authenticate your access to your central openSuse box?
Possible, sure; aside from being a horrible idea. [Authentication fails
if the Internet connection is down, or if the provider changes their
API, hostname, etc...]
- or perhaps openID?
Yes
Hard part, for either, is you would need to dynamically allocate UID/GID
upon successful authentication [much like Samba's winbind can do for AD
domain authentication]. And you'd need to keep an idmap to remember the
token:UID pair so the user got the same one next time.
- a kind of replacing YP/NIS with a globally available service, at least
for authentication..
Should be trivial for authentication services, like Cyrus IMAPd or web
applications (perhaps using saslauthd) that don't require a 'system
account'. Otherwise you have to dynamically generate the system account
- which also shouldn't be too hard, but with significant downsides.
Since at least OpenID could potentially have a local provider that
seems, at least to me, kind of an interesting solution.
--
Adam Tauno Williams <awilliam@xxxxxxxxxxxxx> LPIC-1, Novell CLA
<http://www.whitemiceconsulting.com>
OpenGroupware, Cyrus IMAPd, Postfix, OpenLDAP, Samba
--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse+help@xxxxxxxxxxxx
| < Previous | Next > |