Hans Witvliet wrote:
On Sat, 2008-11-29 at 10:30 +0000, G T Smith wrote: <snip>
What I would like to do is fix up some sort of single sign on, so one authentication allows access to networked resources at a network level, but unfortunately for *NIX this would be a major project (and getting this to work with ssh, cups, apache and samba etc. could be a major pain). So one has one strong point of entry rather than several points of varying strength.
OTOH, using single-sign-on techniques (distributing trusted keys, Kerberos, etc.) removes security barriers. Instead of access to a specific node, one gets access to all nodes.
The neat concept behind Novell's Directory Service (NDS) was the integration between rights to access services, resources, or even parts of the NDS database data or schema to an authenticated object on top of X500. Authenticated objects can only get access to resources and services that the administrators of those resources and services have defined at the level they have defined it. AD does do this but it is still a very poor cripple in comparison to NDS. (Authenticated objects are users, groups or services BTW). Unfortunately, *NIX authentication is more loosely federated, with many different ways of defining access to different functions and resources, making such integration rather more complex than is ideal. OpenLDAP and Kerberos are part there but still seem to be a penny short of a full shilling last time I looked at them, and the later versions of NISS are not very impressive either.
hw
--
I have always wished that my computer would be as easy to use as my telephone. My wish has come true. I no longer know how to use my telephone. Bjarne Stroustrup