On 02/19/2015 05:06 AM, Jan Pazdziora wrote:
On Wed, Feb 18, 2015 at 04:06:39PM -0800, Martin Minkus wrote:
Except where we don't want single sign on, and separate passwords are
advantageous or even required:
- Web logins
Could you elaborate on the use cases when you'd want your users to log
in using their passwords on a Web login, instead of using SSO, be it
Kerberos or SAML? Is that purely the application not supporting it
or are there some other reasons (you say "we don't want single sign
on" which sounds like a political or compliance issue, not technical
one).
IMO the case is:
I have a phone and a tablet and a laptop.
I do not want to use one password for all three.
On the phone and tablet people save their passwords so I do not want to
have same password cached on all devices. I want to have a password per
device.
IMO the way to go is certs rather than passwords.
We are not there yet but with upcoming changes we will get much closer.
--
Thank you,
Dmitri Pal
Sr. Engineering Manager IdM portfolio
Red Hat, Inc.
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project
