SSO solution in ports?

Tim Judd tajudd at gmail.com
Thu Jul 16 16:40:00 UTC 2009


On 7/16/09, Bill Moran <wmoran at potentialtech.com> wrote:
> In response to John Almberg <jalmberg at identry.com>:
>
>> I am trying to build a set of web applications that are accessed
>> through a web portal that uses a Single Sign On (SSO) solution.
>> Problem is, there are MANY competing SSO solutions. Since building
>> the client side of the SSO system is more than enough for me, I was
>> wondering if there are any SSO servers in ports that I can just
>> install and use? A CAS solution would be the best, but I'll look at
>> anything.
>
> The most widely supported I know of is LDAP, and OpenLDAP works pretty
> well.


Kerberos (4 or 5) is synonymous with single sign on.  Kerberos support
is not as integrated with services as LDAP is.  I am almost the
paranoid security type and I don't know if SSO is really a "good idea"
(TM).  You obtain someone's *weak* password because they don't want
complexity, now the systems are wide open to them.  System Login/Email
are the two that bug me most.  "If I have your system login password,
I have your email password too.  Then anything else you hook into SSO
is also known."

So I battle myself every day with the mindset if SSO is truly a
worthwhile thing to look at, or if it should be at *most* two SSOs,
one for system login, one for "everything else".


Sorry to pull off on that tangent, but it seems nobody considers the
downside to SSO, and it's been nagging at me.


--Tim


More information about the freebsd-questions mailing list