|
|
ESOE Development |
Hi, > Just to ensure what I understand at this moment. The cool feature like The authentication method we use for "True" SSO is called SPNEGO, and we use People have had some success by installing krb5 and configuring Regards,
It's not quite true to say that it doesn't support Unix-based OS, because it
> "True Single Sign On" which automatically authenticate user after login
> to Windows OS by Active Directory, is still not implemented for the
> Unix-based OS authenticated using LDAP. Am I right? (I haven't tested it
> yet, just read the sourcecode)
is platform agnostic. Authentication is achieved using a Kerberos ticket
which is issued by Active Directory.
> If it's so, is it hard to implement this feature und Unix-based OS? LDAP authentication, at least in the context of ESOE, is simple
> In Windows OS, ESOE get logged-in user information from Windows-Session
> and validate it against Active Directory.
> As I know the Unix-based OSs use PAM to authenticate against LDAP but
> I'm still have not quite sure how OS keep per LDAP logged-in user
> information & how ESOE retrieves that user information, to validate it
> against LDAP.
username/password verification. Storing the state would just be saving your
username and password, which ESOE still wouldn't be able to get at
automatically. (If it were able to retrieve this data from your OS, I would
consider that a gaping security hole.)
the Kerberos variant of this method (as opposed to NTLM).
/etc/krb5.conf to authenticate against AD.. though we haven't documented
this procedure yet.
Shaun Mangelsdorf