Slashdot Mirror

← Back to Stories (view on slashdot.org)

Single Sign on Solutions on the (Very) Cheap?

Posted by Cliff on from the if-your-security-isn't-broke dept.

ATMosby asks: "I was asked today to look into how a single sign on can be implemented. Now part of the constraint is that is must be very cheap (and by that the powers that be really mean free!) Of course there are all sorts of legacy applications that are 'required' to work with this, ranging from java applications to ancient pc programs. I've poked around a bit and found some pointers to commercial software that seems to be able to due bits and pieces of the job, but nothing that will do everything and anything that might be thrown at it. Before I just go and tell folks "No bloody way!" does anyone have words of advice to offer on the topic? Stories of successful or wildly unsuccessful attempts? Commercial or otherwise?"

4 of 48 comments (clear)

  1. OpenLDAP by profet · · Score: 2, Insightful

    Think Active Directory without broken Schemas.

    Most languages PHP, JAVA... have ways of using LDAP (even Active Directory) to authenticate.

  2. You need to provide more detail... by EnronHaliburton2004 · · Score: 2, Insightful

    Of course there are all sorts of legacy applications that are 'required' to work with this, ranging from java applications to ancient pc programs.

    You aren't giving alot of detail here. You didn't even mention your OS's.

    Are these Windows apps? Linux apps? Web apps? Apps for your WPA-enabled phone (Hey, he said Legacy :)

    Does each individual program really have it's own authentication system? If so you are in trouble. For most most legacy application, you log into Windows, then use the program. Somehow I don't think you are looking for more then just a centralized Windows network however.

    Do people need to log into a website? How about Unix servers? Unix desktops?

    --
    94% of Repubs and 21% of Dems voted to renew the Patriot Act
  3. LDAP or RADIUS by bolix · · Score: 3, Insightful

    I'm confused, are you attempting to refine your security to the application level or looking to integrate your applications with a centralised security model?. These are separate and distinct requirements!

    You need to provide more info to help us determine the exact capabilities of the "ancient PC Programs" and the nature of the access you intend to provide. It may be as simple as facilitating the centralised OS security-authentication and applying group level access-control to the application folder.

    For free authentication look to LDAP or RADIUS.

  4. Re:Have a single login by menscher · · Score: 2, Insightful

    Beats having multiple easy ways for hackers to penetrate the system.... Not to mention lusers are less likely to write down a single password (as compared to one for each system).