LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
LinkBack Search this Thread
Old 03-06-2009, 11:18 AM   #1
nickowen
LQ Newbie
 
Registered: Mar 2008
Posts: 17

Rep: Reputation: 0
SSO for SSH and apache and/or tomcat


Greetings:

I'm looking for an SSO solution that would allow a user to login to a webpage/webapp and ssh. This might not be possible, but I thought I would throw it out there and get some ideas. It seems like most SSO systems use a browser cookie which would be problematic with ssh.

Nick
 
Old 03-06-2009, 01:54 PM   #2
billymayday
Guru
 
Registered: Mar 2006
Location: Sydney, Australia
Distribution: Fedora, CentOS, OpenSuse, Slack, Gentoo, Debian, Arch, PCBSD
Posts: 6,678

Rep: Reputation: 120Reputation: 120
I don't know about Tomcat, but ssh and apache can both use ldap for authentication.
 
Old 03-06-2009, 02:10 PM   #3
rweaver
Senior Member
 
Registered: Dec 2008
Location: Louisville, OH
Distribution: Debian, CentOS, Slackware, RHEL, Gentoo
Posts: 1,833

Rep: Reputation: 163Reputation: 163
Quote:
Originally Posted by nickowen View Post
Greetings:

I'm looking for an SSO solution that would allow a user to login to a webpage/webapp and ssh. This might not be possible, but I thought I would throw it out there and get some ideas. It seems like most SSO systems use a browser cookie which would be problematic with ssh.

Nick
There are a lot of ways to implement single sign on, however, I think the previous posters recommendation of ldap is a solid one and it also enables you to have logins for smtp/pop/imap also use the same authentication.

Typically ldap takes a bit more time to setup initially but once its running and you have your applications authenticating off of it you gain that time back in ease of maintenance.

Most services now can authenticate off of ldap directly or by and by off of pam/nss which can authenticate off of ldap.

Another advantage if you've got some in house programmers is that you can even modify most cms packages to authenticate off ldap relatively easily... and some cms/portals already have authentication through ldap built in.

Last edited by rweaver; 03-06-2009 at 02:13 PM.
 
Old 03-06-2009, 02:30 PM   #4
nickowen
LQ Newbie
 
Registered: Mar 2008
Posts: 17

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by rweaver View Post
There are a lot of ways to implement single sign on, however, I think the previous posters recommendation of ldap is a solid one and it also enables you to have logins for smtp/pop/imap also use the same authentication.

Typically ldap takes a bit more time to setup initially but once its running and you have your applications authenticating off of it you gain that time back in ease of maintenance.

Most services now can authenticate off of ldap directly or by and by off of pam/nss which can authenticate off of ldap.

Another advantage if you've got some in house programmers is that you can even modify most cms packages to authenticate off ldap relatively easily... and some cms/portals already have authentication through ldap built in.
Right, but what I'm really looking for is the ability to sign-on once. Not to use the same password. We have a one-time password system. I would like to be able to login centrally to a web-interface and not be prompted for a password for SSH. Seems unlikely, the more I think about it.
 
Old 03-06-2009, 08:38 PM   #5
chort
Senior Member
 
Registered: Jul 2003
Location: Silicon Valley, USA
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660

Rep: Reputation: 69
You can integrate SSO with a lot of applications, but you'd need to write support into OpenSSH to do this. I highly doubt it's possible with the current code. As you said, SSO is generally implemented with cookies.
 
Old 03-06-2009, 08:44 PM   #6
billymayday
Guru
 
Registered: Mar 2006
Location: Sydney, Australia
Distribution: Fedora, CentOS, OpenSuse, Slack, Gentoo, Debian, Arch, PCBSD
Posts: 6,678

Rep: Reputation: 120Reputation: 120
Here's an SSH howto http://www.linuxquestions.org/blog/s...ver-setup-919/

Last edited by billymayday; 03-06-2009 at 08:48 PM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are Off
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Apache and Kerberos SSO issues climbingmerlin Linux - Server 2 08-09-2009 05:12 AM
LXer: How To Set Up Apache, Tomcat (mod_jk), SSO (CAS, mod_auth_cas) LXer Syndicated Linux News 0 08-25-2008 10:40 AM
apache-tomcat and jakarta-tomcat shifter Programming 1 07-28-2007 10:36 PM
Apache 2.2.0 and Apache-Tomcat 5.5.17, how can i connect them? Ukitake Fedora 1 06-04-2006 08:25 AM
Why use Apache with Tomcat rather than just Tomcat itself? davee Linux - Software 1 08-21-2003 09:47 PM


All times are GMT -5. The time now is 04:05 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration