[rsbac] Linux public key authentication and PKI

Andrew Dobbie adobbie at ieee.org
Thu May 10 14:03:17 CEST 2007


Certainly you won't be able to create such a solution yourself. Kerberos
has been developed out of MIT since the late 1980s so it's quite mature.
Even Microsoft uses some variation of Kerberos 4 (5?) for network
authentication. If it doesn't already do everything you want, you can
always add to it since it's open. From my experience, I can say that
it's also not hard to set up and get running.

On Thu, 2007-10-05 at 13:31 +0200, Michal Purzynski wrote:
> On May 10, 2007, at 1:20 PM, Andrew Dobbie wrote:
> 
> > Hello,
> >
> > I'm not sure but maybe Kerberos can do that? It certainly uses single
> > sign-on for multiple network services. Might be restricted to using
> > password as shared secret for authentication with the Key Distribution
> > Center. Once you authenticate though, password isn't used again until
> > your Ticket-Granting Ticket expires.
> >
> 
> Kerberos definitely. It's well known, easy to implement (across a few
> different platforms), reasonably designed solution. I see no point in 
> designing anything that would basically copy it anyway.
> 
> > Anyone else have ideas?
> >
> > Kerberos is Linux independent btw.
> >
> > On Mon, 2007-07-05 at 15:18 +0600, sftf at yandex.ru wrote:
> >> Hi!
> >> Anybody know, are there projects/drafts for Linux implementing
> >> centralized public key authentication for various services (not only 
> >> SSH) and client software?
> >> Scenario:
> >> - admin creates private/public keys (like for SSH), one per user and
> >> stores them in LDAP
> >> - ALL(POP3,SMTP,FTP,WEB,SAMBA and so on) services authenticate users 
> >> by public key,
> >>   not by the password
> >> - so client software (POP3,SMTP,FTP... clients) uses public key
> >> instead of password
> >> Thanks!




