[rsbac] Linux public key authentication an PKI
Michal Purzynski
michal at rsbac.org
Thu May 10 13:31:44 CEST 2007
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On May 10, 2007, at 1:20 PM, Andrew Dobbie wrote:
> Hello,
>
> I'm not sure but maybe Kerberos can do that? It certainly uses single
> sign-on for multiple network services. Might be restricted to using
> password as shared secret for authentication with the Key Distribution
> Center. Once you authenticate though, password isn't used again until
> your Ticket-Granting Ticket expires.
>
Kerberos definitely. It's well known, easy to implement (across few
different platforms), reasonably designed solution. I see no point in
designing anything that would basically copy it anyway.
> Anyone else have ideas?
>
> Kerberos is Linux independent btw.
>
> On Mon, 2007-07-05 at 15:18 +0600, sftf at yandex.ru wrote:
>> Hi!
>> Anybody now, is there project/drafts for Linux implementing
>> centralized public key authentication for various services (not only
>> SSH) and client software?
>> Scenario:
>> - admin create private/public keys (like for SSH), one per user and
>> store them in LDAP
>> - ALL(POP3,SMTP,FTP,WEB,SAMBA and so on) services authenticate users
>> by public key,
>> not by the password
>> - so client software (POP3,SMTP,FTP... clinets) use public key
>> instead password
>> Thanks!
>>
>> _______________________________________________
>> rsbac mailing list
>> rsbac at rsbac.org
>> http://www.rsbac.org/mailman/listinfo/rsbac
>
>
> _______________________________________________
> rsbac mailing list
> rsbac at rsbac.org
> http://www.rsbac.org/mailman/listinfo/rsbac
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (Darwin)
iD8DBQFGQwKl+8juDbyM0PsRAjuqAJ95/M/TeqD3e7leLSmKs+kfqExVvQCfUUoc
W35J1KbC+Lu776UpA1dHd9s=
=Fy0R
-----END PGP SIGNATURE-----
More information about the rsbac
mailing list