On July 22, 2011 15:40 , Mike <nws6...@gmail.com> wrote:
I have a setup where I have 6 different servers that are running
apache 2. I run a web site that requires users to login and I have to
maintain a .htpasswd file on each server that is synced across all the
servers every 15 minutes. While this works, it requires the user to
login up to 6 different times depending on which server has the data
he/she needs.
Is there a way that I can configure apache to cross authenticate
amongst the various server so the users only have to login once?
Yes, this is called "web single sign on". Apache HTTP Server does not
do single-sign-on out of the box, but here are some examples on how to
configure it to do so:
Cosign: http://weblogin.org/
Pubcookie: http://www.pubcookie.org/
CAS: http://www.jasig.org/cas
mod_auth_kerb (based on SPNEGO and Kerberos):
http://modauthkerb.sourceforge.net/index.html
Shibboleth (based on SAML): http://shibboleth.net/
Depending on your requirements, OpenID or OAuth2 may also work you,
although their focus is on decentralized identity federation rather than
on single-sign-on.
You could also create your own single-sign on implementation by sharing
cookies through a central database. However, I don't recommend this
since there are many subtle security issues involved, and a mistake
could leave all of your web sites insecure.
--
Mark Montague
m...@catseye.org
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
" from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org
