On Wed, Jan 17, 2018 at 1:35 PM, Tod Hansmann <plug....@todandlorna.com> wrote: > I'm looking for some sort of single login server. Not single sign-on. > That's something this could enable in some cases, but it's not my goal. I > just want to have one account that isn't a social media thing. Ideally it > would fulfill these: > > - Can self host, preferably on Linux > - Provides OAuth2 and maybe OpenID? > - Would ideally be something I can use for OS logins on Linux and Windows > (OSX is a pipe dream), so Kerberos and LDAP I guess? > - Secure, duh > - Can control sub-logins, like of my kids. > - Can preferably revoke access to third parties later, like "I don't want > site X to have access anymore" > > Any thoughts on possibilities if they exist? Or am I looking at something > like using OpenLDAP and tacking on OAuth2 access to it?
Centralized identity and authentication for all your machines is a very good idea. The general enterprise standard is LDAP+Kerberos. These can be a pain to setup the first time. You might want to consider FreeIPA (http://www.freeipa.org). It's a collection of all of these tools and more with a good management interface. /* PLUG: http://plug.org, #utah on irc.freenode.net Unsubscribe: http://plug.org/mailman/options/plug Don't fear the penguin. */