Karl`s PC Help Forums

Single Sign On
Theravad - 20-10-2008 at 13:04

Wondering if I should post a series of texts on a challenge that has arisen.

A number of us collaborate using a number of tools - all hosted on the same server - all using different logon/password storage types and as a consequence it is a bit of a nightmare.

What I intend to do is:
(1) get all the applications to use the machine based username/password for authentication
(2) move the machine authentication stuff from shadow password to LDAP
(3) provide a web based portal for the user to manage their password and user details (probably usermin )

Possible prattfalls are:
- ruin an application by not getting the change in auth correct
- not migrating current users into LDAP correctly and locking them out of the system

The applications are:
Subversion, Eventum, Epiware, VPN(ssh)

Just to make life interesting I might do this on a live system rather than trial it on a spare machine shocked_yellow

Anyone interested in following this disaster waiting to happen ?kewl_glasses

T


LSemmens - 20-10-2008 at 14:03

I'm interested, though I have absolutely no idea about what you are attempting to achieve.

Am I right in assuming that:
1 you all use a common set of tools that are spread across various accounts.

2 You wish to make those tools universally accessible via one method

As you can see, from my analysis, I'll willingly admit, that I don't know what you are hoping to achieve, but I believe it's far more complex than my simple analysis.


Theravad - 20-10-2008 at 20:32

Quote:
Originally posted by LSemmens

Am I right in assuming that:
1 you all use a common set of tools that are spread across various accounts.

2 You wish to make those tools universally accessible via one method

.


(1) There is a set of tools - each of them has their own sign in system - I need to modify these to use a common one.
(2) I wish to enable the user to logon once and switch between the tools without being presented with yet-another sign in dialogue.

T


LSemmens - 21-10-2008 at 10:55

Could you set up the user profiles to have elevated priviledges, that will permit access accross the board?