[ale] How do you deal with SSO at home?

[Lightner, Jeffrey]

I thought NIS+ solved the issues of original NIS.  I've never used NIS+ so wouldn't swear to it.

For personal stuff I'm paranoid enough to use different passwords for everything.  If internet sites offer it I even use separate user names.

Minor rant:   
In the old days you had to guess both username and password to login to a server.   Nowadays most of the internet uses email address as username which means they've given 50% of the answer to most hackers. 



-----Original Message-----
From: Ale [mailto:ale-bounces at ale.org] On Behalf Of Solomon Peachy via Ale
Sent: Wednesday, December 13, 2017 2:11 PM
To: DJ-Pfulio; Atlanta Linux Enthusiasts
Subject: Re: [ale] How do you deal with SSO at home?

On Wed, Dec 13, 2017 at 12:50:45PM -0500, DJ-Pfulio via Ale wrote:
> How do you deal with SSO at home?
> In the 1990s, NIS was the answer.  Security needs changed that.
> So, how do you do it?

It depends greatly on what services you're trying to unify, how they're accessed, and how many distinct servers are in play.  Do you want this to also cover shared filesystems too?

It also depends on if you're seeking to "authenticate once" or just share an authentication backend so all logins use the same credentials.

The latter is fairly easy -- My stuff generally authenticates against the system PAM backend, or IMAP if it's some sort of web thingey.  

Some time ago I played around with an LDAP backend for everything (using
389 directory server) but it was a serious amount of administration overhead and yielded no benefits.

I'd been meaning to set up an OpenID provider, but haven't found one that plays well with an existing authentication backend.

 - Solomon
-- 
Solomon Peachy			       pizza at shaftnet dot org
Coconut Creek, FL                          ^^ (email/xmpp) ^^
Quidquid latine dictum sit, altum videtur.