The madness! The madness! Credential Craziness!

Post #317,747 by pwhysall 11/24/09 2:56:31 AM Reply	The madness! The madness! Credential Craziness! I've just been tallying up how many sets of authentication credentials I maintain at work. The answer is at least 14. The insanity comes from the rather unpleasant realisation that nine of these are internal. The other 5 are probably intractable, as they're third-party websites run by organisations which are unlikely to want to expose their delicate bits to our organisation's delicate bits in a rather pornographic authentication-fest. I'd never really paid any heed to SSO before, but now I'm a believer.
Post #317,751 by folkert 11/24/09 8:47:17 AM Reply	Let Microsoft manage it all. They've got GREAT... Things just for authentication!
Post #317,753 by drook 11/24/09 9:14:19 AM Reply	Hailstorm! No ... Palladium! No, wait ... What are they calling it this week. Passport? Is that still it? -- Drew
Post #317,758 by boxley 11/24/09 9:56:43 AM Reply	no, they use AD and for convenience for techies the two tier login to the management login is AD/something else so when a new employee comes on board the $MS drones fill all the gaps and when employee leaves the employ the ability to log into the back is gone. Before silo managers had to manage admin access. No longer, let the MS madness take care of it.
Post #317,759 by beepster 11/24/09 10:14:39 AM Reply	We have SSO And I still need to maintain about a dozen different sets of credentials. Its a PITA that is not going to go away. I will choose a path that's clear. I will choose freewill.
Post #317,762 by drook 11/24/09 11:15:19 AM Reply	We have SSO-ish I have a single username/password that is synchronized across (nearly) all systems. But I still have to type it in again whenever I launch a new system. -- Drew
Post #317,776 by pwhysall 11/24/09 3:34:59 PM Reply	Right now, I'd settle for that.
Post #317,781 by static 11/24/09 6:36:42 PM Reply	It is something that Linux needs to get on top of. I regularly or semi-regularly log into ten Linux boxes, one of them my own. SSH keys help, but really solve the wrong problem. I've worked in an NIS+ environment before. It was kinda nice, but fragile. And it was very annoying we couldn't mix FreeBSD and Linux; the NIS+ protocol is closely dependant on how the systems locally do things like password storage. No surprise, Linux and BSD diverge there. Wade. Q:Is it proper to eat cheeseburgers with your fingers? A:No, the fingers should be eaten separately.
Post #317,782 by boxley 11/24/09 6:43:06 PM Reply	radius, been around forever
Post #317,784 by static 11/24/09 6:52:28 PM Reply	That's designed for dial-in network authentication. And is used extensively for just that. But how well does it integrate with a standard XDM login on an X window server? Maybe you're thinking of Kerberos. Wade. Q:Is it proper to eat cheeseburgers with your fingers? A:No, the fingers should be eaten separately.
Post #317,787 by boxley 11/24/09 9:13:08 PM Reply	not just for dialup http://www.tech-faq.com/radius.shtml dive in here http://savannah.gnu.org/projects/radius/
Post #317,794 by folkert 11/24/09 10:34:52 PM Reply	LDAP We use LDAP and it does everything.
Post #317,849 by jake123 11/26/09 10:06:49 AM Reply	NIS is much easier to manage and less fragile than NIS+ I prefer it by far.

Welcome to IWETHEY!