I would never use the X.500 system here for authentication on our 
systems. The whole concept is too easy to spoof unless you can count on 
the user to always check that the address they're connecting to for the 
login screen is in fact the centralized server. How many do you think 
will notice that they've been directed to http:// rather than https:// 
or that they've been directed to https://www.umn.edu.login.com rather 
than https://www.umn.edu?

--rick


Mike Hicks wrote:

>On Tue, 2004-10-19 at 13:38, Mike Miller wrote:
>
>>We have been using an NT box to do authentication for the VMS machines. 
>>I don't know the details there, but I think the VMS system passwords are 
>>the same as the NT Domain passwords and the VMS box communicates with the 
>>NT box when someone tries to log into the VMS server.  We want Linux to be 
>>able to use this same system.  How can that be accomplished?  Our IT guys 
>>thought there might be an LDAP-based solution, but they haven't been able 
>>to come up with it yet.  It would be a big time saver if we could get 
>>something to do the authentication for us.
>
>You seem to be at the U.  Are you using X.500 IDs at all?  I guess that
>your department must be using something else if the IT guys haven't
>found a shared ID system yet.  Finding some way to authenticate with the
>university's X.500 tree is one of the better ways of doing signons in
>the university system, although I guess certain aspects are somewhat
>poor (I think it might be harder to enforce password age restrictions,
>for instance).  There are a number of ways to talk to that system. 
>Heck, if the situation got to be really dire, it could be possible to
>hack something together that emulates an HTTPS web client to do UMN
>cookieauth of all things [http://www1.umn.edu/cookieauth/].  But that
>would be a pretty crazy method.
>
>_______________________________________________
>TCLUG Mailing List - Minneapolis/St. Paul, Minnesota
>Help beta test TCLUG's potential new home: http://plone.mn-linux.org
>Got pictures for TCLUG? Beta test http://plone.mn-linux.org/gallery
>tclug-list at mn-linux.org
>https://mailman.real-time.com/mailman/listinfo/tclug-list
>
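
The two cases raised at the top of this message (http:// in place of https://, and www.umn.edu.login.com in place of www.umn.edu), as an added example that is not part of the original thread: a scripted login client like the one mentioned in the quoted text can compare the parsed origin exactly before it sends credentials. The trusted-origin constants, function names and sample URLs are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the single origin allowed to receive credentials. The host is
# the one named in the message; 443 is the HTTPS default port.
TRUSTED_SCHEME = "https"
TRUSTED_HOST = "www.umn.edu"
TRUSTED_PORT = 443


def naive_check(url: str) -> bool:
    """Weak check: string prefix match, roughly what a hurried glance does."""
    return url.startswith("https://www.umn.edu")


def strict_check(url: str) -> bool:
    """Accept only the exact trusted origin: scheme, host and port compared."""
    try:
        parts = urlsplit(url)
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return False
    if parts.scheme != TRUSTED_SCHEME:
        return False  # plain http:// never gets credentials
    if parts.username is not None or parts.password is not None:
        return False  # userinfo trick: https://www.umn.edu@other.example/
    if parts.hostname != TRUSTED_HOST:  # hostname is already lower-cased
        return False  # suffix lookalikes such as www.umn.edu.login.com
    return (port if port is not None else 443) == TRUSTED_PORT


# Constructed sample URLs, not taken from any real log.
SAMPLES = [
    "https://www.umn.edu/login",
    "http://www.umn.edu/login",
    "https://www.umn.edu.login.com/login",
    "https://www.umn.edu@other.example/login",
    "https://www.umn.edu:8443/login",
]


def classify(urls):
    """Return {url: (naive_result, strict_result)} for side-by-side comparison."""
    return {u: (naive_check(u), strict_check(u)) for u in urls}


if __name__ == "__main__":
    for url, (naive, strict) in classify(SAMPLES).items():
        print(f"naive={naive!s:5} strict={strict!s:5} {url}")
```
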

