On Mon, 2010-06-14 at 12:10 +0200, Verner Kjærsgaard wrote:
Hi list, - just an idea...would it be possible (has anyone done it) to use your google login to authenticate your access to your central openSuse box?
Possible, sure; aside from being a horrible idea. [Authentication fails if the Internet connection is down, or if the provider changes their API, hostname, etc...]
- or perhaps openID?
Yes Hard part, for either, is you would need to dynamically allocate UID/GID upon successful authentication [much like Samba's winbind can do for AD domain authentication]. And you'd need to keep an idmap to remember the token:UID pair so the user got the same one next time.
- a kind of replacing YP/NIS with a globally available service, at least for authentication..
Should be trivial for authentication services, like Cyrus IMAPd or web
applications (perhaps using saslauthd) that don't require a 'system
account'. Otherwise you have to dynamically generate the system account
- which also shouldn't be too hard, but with significant downsides.
Since at least OpenID could potentially have a local provider that
seems, at least to me, kind of an interesting solution.
--
Adam Tauno Williams