On 7/16/09, Bill Moran <wmo...@potentialtech.com> wrote: > In response to John Almberg <jalmb...@identry.com>: > >> I am trying to build a set of web applications that are accessed >> through a web portal that uses a Single Sign On (SSO) solution. >> Problem is, there are MANY competing SSO solutions. Since building >> the client side of the SSO system is more than enough for me, I was >> wondering if there are any SSO servers in ports that I can just >> install and use? A CAS solution would be the best, but I'll look at >> anything. > > The most widely supported I know of is LDAP, and OpenLDAP works pretty > well.
Kerberos (4 or 5) is synonymous with single sign on. Kerberos support is not as integrated with services as LDAP is. I am almost the paranoid security type and I don't know if SSO is really a "good idea" (TM). You obtain someone's *weak* password because they don't want complexity, now the systems are wide open to them. System Login/Email are the two that bug me most. "If I have your system login password, I have your email password too. Then anything else you hook into SSO is also known" So I battle myself every day with the mindset if SSO is truly a worthwhile thing to look at, or if it should be at *most* two SSOs, one for system login, one for "everything else" Sorry to pull off on that tangent, but it seems nobody considers the downside to SSO, and it's been nagging at me. --Tim _______________________________________________ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"