Yes, in my opinion it is. But in practice, it's much harder and more complex than SSO. SSO means many things depending on whom you ask. For example, that little feature that collects and stores passwords in IE is technically a SSO solution. You sign on once, and it authenticates you to many different systems based on history and stored information. For some SSO solutions, this is the case. Others, as was mentioned here earlier in this thread are considering SSO to be synch'd passwords. Again, the goal is to logon once and access anywhere, and this would conceivably solve that problem. Having a master authentication realm would also conceivably solve that problem but with a different approach.
I'm just trying to be kind of thorough and suggest alternatives. Passowrd synching has it's issues, such as latency, revocation, etc. Can be less complex, but you have to trade off for the other problems associated with maintaining two identities with the same password and then forward same to the remote system. This gives the net effect, but does it solve the problem? Is it too cumbersome and does it have too many points of weakness where operational continuity can break down? Does a single unified client-side solution, a la IE password history, have any issues? Of course. Master and slave authentication systems aren't perfect either. My $0.02 anyway. -----Original Message----- From: Roger Seielstad [mailto:[EMAIL PROTECTED] Sent: Friday, December 05, 2003 2:57 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] SunOne synchronization??? Isn't that really the end goal though? I mean not necessarily single sign on (one authentication per session) but the goal of a single unique name and a single password for the systems. -------------------------------------------------------------- Roger D. Seielstad - MTS MCSE MS-MVP Sr. Systems Administrator Inovis Inc. > -----Original Message----- > From: Mulnick, Al [mailto:[EMAIL PROTECTED] > Sent: Friday, December 05, 2003 2:43 PM > To: '[EMAIL PROTECTED]' > Subject: RE: [ActiveDir] SunOne synchronization??? > > > What may also be of interest is not synching passwords, but rather > using one directory as the master (is that still a PC term? :) so that > you only have to authenticate against one. Much more complex, but may > fit the bill. > > > Al > > > > -----Original Message----- > From: Roger Seielstad [mailto:[EMAIL PROTECTED] > Sent: Friday, December 05, 2003 2:36 PM > To: '[EMAIL PROTECTED]' > Subject: RE: [ActiveDir] SunOne synchronization??? > > Ok. I missed that. And that's a BIG issue, frankly. > > -------------------------------------------------------------- > Roger D. Seielstad - MTS MCSE MS-MVP > Sr. Systems Administrator > Inovis Inc. > > > > -----Original Message----- > > From: Kingslan, Rick T. [mailto:[EMAIL PROTECTED] > > Sent: Friday, December 05, 2003 2:20 PM > > To: [EMAIL PROTECTED] > > Subject: RE: [ActiveDir] SunOne synchronization??? > > > > > > Sadly, MIIS does not synch passwords, per se. It does give a web > > interface for a user to choose which of the configured services in > > which to update their password in. > > > > But, it does not - as the perception of many people have, > allow you to > > change your password in AD then propogate to all other configured > > services being managed by the product. If you need that, MS does > > suggest Psynch to do the replication portion, IIRC. > > > > Rick Kingslan MCSE, MCSA, MCT > > Microsoft MVP - Active Directory > > LAN Administration - Windows 2000 > > West Corporation > > [EMAIL PROTECTED] > > > > > > -----Original Message----- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED] On Behalf Of Roger > > Seielstad > > Sent: Friday, December 05, 2003 12:51 PM > > To: '[EMAIL PROTECTED]' > > Subject: RE: [ActiveDir] SunOne synchronization??? > > > > I'd think that something like Simple Sync from CPS Systems > > (http://www.cps-systems.com) would do it. I'd expect Microsoft's > > Internet Identity Server (MIIS) would do it as well, or > something like > > LDSU from HP/Compaq > > > > -------------------------------------------------------------- > > Roger D. Seielstad - MTS MCSE MS-MVP Sr. Systems Administrator > > Inovis Inc. > > > > > > > -----Original Message----- > > > From: Douglas M. Long [mailto:[EMAIL PROTECTED] > > > Sent: Friday, December 05, 2003 11:03 AM > > > To: [EMAIL PROTECTED] activedir. org > > > Subject: [ActiveDir] SunOne synchronization??? > > > > > > > > > Does anyone synchronize users and passwords between Sun One > > directory > > > server and their AD? If so, what product do you use? Any tips? > > > > > > List info : http://www.activedir.org/mail_list.htm > > > List FAQ : http://www.activedir.org/list_faq.htm > > > List archive: > > > http://www.mail-archive.com/activedir%> 40mail.activedir.org/ > > > > > List info : http://www.activedir.org/mail_list.htm > > List FAQ : http://www.activedir.org/list_faq.htm > > List archive: > > http://www.mail-archive.com/activedir%40mail.activedir.org/ > > > > > > List info : http://www.activedir.org/mail_list.htm > > List FAQ : http://www.activedir.org/list_faq.htm > > List archive: > > http://www.mail-archive.com/activedir%> 40mail.activedir.org/ > > > List info : http://www.activedir.org/mail_list.htm > List FAQ : http://www.activedir.org/list_faq.htm > List archive: > http://www.mail-archive.com/activedir%> 40mail.activedir.org/ > > List info : > http://www.activedir.org/mail_list.htm > List FAQ : http://www.activedir.org/list_faq.htm > List archive: > http://www.mail-archive.com/activedir%> 40mail.activedir.org/ > List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
