On 01/17/2018 01:35 PM, Tod Hansmann wrote:
> I'm looking for some sort of single login server.  Not single sign-on.
> That's something this could enable in some cases, but it's not my goal.  I
> just want to have one account that isn't a social media thing.  Ideally it
> would fulfill these:
> 
> - Can self host, preferably on Linux
> - Provides OAuth2 and maybe OpenID?
> - Would ideally be something I can use for OS logins on Linux and Windows
> (OSX is a pipe dream), so Kerberos and LDAP I guess?
> - Secure, duh
> - Can control sub-logins, like of my kids.
> - Can preferably revoke access to third parties later, like "I don't want
> site X to have access anymore"
> 
> Any thoughts on possibilities if they exist?  Or am I looking at something
> like using OpenLDAP and tacking on OAuth2 access to it?

OAuth(2) and OpenID are designed for allowing a company to trust someone
else to authenticate their users. If you can convince all the companies
you care about to trust your personal server for authentication, you're
in business! ;-)

(Actually that's what OpenID does, but hardly anyone used it even when
it was popular, so it mostly died. I'm still mourning its passing. It
was a great idea.)

What you're asking for sounds a bit like a password manager like KeePass
or LastPass. LastPass in particular lets you share your passwords while
attempting to hide those passwords from the recipient. (In practice,
recipients can easily expose the passwords through obvious tricks. It's
a dumb feature. So why did I mention it? Because passwords are dumb and
I wanted to rant. I want my OpenID back!)

Shane

/*
PLUG: http://plug.org, #utah on irc.freenode.net
Unsubscribe: http://plug.org/mailman/options/plug
Don't fear the penguin.
*/
