01-11-2013
To quote from RFC1925 (The Twelve Truths of Networking):
Cheap, Fast, Reliable: pick any two, you can't have all three.
None of these tools is "easy", "cheap" or "simple": they are complex and you can easily spend a lot of money and effort to cover in production what you "saved" in development by cutting efforts. To put it bluntly: it is easy to plan poorly and save that way a neglectable amount of cost and effort just to have a nearl unworkable envirnment in production which is a pain in the ass for all. I have seen a lot of such "simple solutions" which - once they were implemented - everybody hated with a passion.
So my first advice is: do NOT plan in short terms! A centralized authenticaltion solution is a very "core" technology and you will have to live with your decisions for a very long time. Plan thoroughly and you will have a valuable addition to your data center which saves you a lot of effort in the long run. Plan poorly and you will have additional effort and work on top of what you already do.
Second: stick to (open) standards as much as possible. all the products of a single producer have faltered over time, while open standards tend to stay: compare TCP/IP (the open internet protocol) with the IPX/SPX protocol from Novell and the NetBIOS protocol from Microsoft: all three were commonly used 15 years ago. Which one was open? Which one is still there? As long as there is only a single company producing something without an independent standard behind it it will not stay in the market for any prolonged time, regardless how big the company is: IBM invented the Microchannel bus and even as it was a technically excellent solution, today IBM builds its workstations and high-end systems (pSeries) on PCI. PCI is not better than Microchannel, but it was always independent and standardized while the Microchannel was IBMs patent - it still didn't stay.
So my second advice is: use LDAP, simply because it is an open, company-independent standard. Which LDAP server you use is irrelevant, it is easy to replace one with the other. Replacing a protocol is way more difficult than replacing to server providing it. Well, in fact it is not irrelevant, but a lot less relevant than the decision about the architecture of your authentication structure.
I hope this helps.
bakunin
10 More Discussions You Might Find Interesting
1. Shell Programming and Scripting
Hello Everyone,
I have enabled LDAP authentication on my Web script by adding the list of valid users in /etc/apach2/default-server.conf. However, I now want to retrieve the username of the person that logs in. How can I do that? Is there any such module?
Regards,
Harsha (0 Replies)
Discussion started by: garric
0 Replies
2. UNIX and Linux Applications
Hello,
I have a Linux box with RHEL4 running on it. The box is meant to be on the DMZ. There is a directory on the box that will be remotely from time to time and I want a form of authentication on it.
Presently, I have configured Basic authentication with apache but the security is not tight.
I... (1 Reply)
Discussion started by: bptronics
1 Replies
3. Linux
Hello,
I have a Linux box with RHEL4 running on it. The box is meant to be on the DMZ. There is a directory on the box that will be remotely from time to time and I want a form of authentication on it.
Presently, I have configured Basic authentication with apache but the security is not tight.
I... (1 Reply)
Discussion started by: bptronics
1 Replies
4. Cybersecurity
Hello,
I have a Linux box with RHEL4 running on it. The box is meant to be on the DMZ. There is a directory on the box that will be remotely from time to time and I want a form of authentication on it.
Presently, I have configured Basic authentication with apache but the security is not tight.
I... (1 Reply)
Discussion started by: bptronics
1 Replies
5. HP-UX
Hi to all,
i try to configure an HpUx 11.23 to use a Sun Directory Server to authenticate in system.
In my ldap the users is posixAccount.
I read in www that there is a sotware called LDAPUX but it use a profile, and it requires a change that i can't execute in my ldap because it is used also... (0 Replies)
Discussion started by: suuuper
0 Replies
6. Red Hat
I am trying to convert all my redhat servers over to ldap. I have solved almost all the probems but am having trouble getting cvs pserver to authenticate. I'm running redhat 4. Just patched everything the other day.
cvs is cvs-1.11.17-9.1.el4_7.1. Any suggestions would be welcome.
Obviously... (1 Reply)
Discussion started by: jhtrice
1 Replies
7. Solaris
Hi folks,
i have opends 1.2 manually installed
subversion 1.4.3 and apache2 updated by package manager.
i want to access svn using LDAP authentication
its giving an error:
ldap_simple_bind_s() failed.
what could be the problem.
i wrote some text at the end of httpd.conf fpr ldap... (2 Replies)
Discussion started by: visu_buri
2 Replies
8. Solaris
Hi all,
I have two virtual machines, one with Suse and another with opensolaris 2009.06.
The ldap server is in the Suse machine.
From my opensolaris, with command ldalist i can see the information about the ldap configuration, i mean, the dn: ou:....
if i type id <ldapuser> i can see the user... (0 Replies)
Discussion started by: checoturco
0 Replies
9. AIX
Hi, We are trying to use LDAP to authenticate the login from our application. Our application is installed on AIX 6.1 and LDAP server is on active directory windows 2003.
We are getting the below error when we try to login. We have the required lib file in the path it is looking for. Any idea... (3 Replies)
Discussion started by: Nand1010_MA
3 Replies
10. Emergency UNIX and Linux Support
Hi Friends,
I have below scenarios .
dom1.test.com - LDAP
dom2.test.com - AD
Requirement is establish a trust relation between LDAP and AD server in such a way that if any user login on LDAP managed authentication server with
dom1\username -> get authenticated by LDAP host
... (2 Replies)
Discussion started by: Shirishlnx
2 Replies
LEARN ABOUT DEBIAN
libexosip2
The eXtented eXosip stack(3) libeXosip2 The eXtented eXosip stack(3)
NAME
The eXtented eXosip stack -
libeXosip2 Version 3.6.0
Modules
How-To initialize libeXosip2.
How-To initiate, modify or terminate calls.
How-To send or update registrations.
Detailed Description
libeXosip2 Version 3.6.0
See also:
http://savannah.gnu.org/projects/exosip
What is eXosip
libeXosip2 implements the Session Initiation Protocol (SIP -rfc3261-) libeXosip2 is GPL (COPYING). Please understand the licencing details
before using it!
For any use of this library beyond the rights granted to you by the GPL license, please contact my company at jack@atosc.org.
What is the relation between osip & eXosip2
The GNU osip stack is the first step needed to implement SIP applications. As a low layer stack, there is no limitation in the way to use
it, but the very large API makes it rather complex and not suitable for beginners.
The eXtended eXosip library is based on osip and implements a lot more SIP stuff so you can quickly build compliant SIP applications. The
API is enough flexible to allow you to control and complete SIP messages. Thus, it keeps the stack extensible.
While osip can be used for any SIP applications, eXosip2 only provide APIs to control endpoints.
What is SIP
SIP is an IP telephony protocol made by the IETF. It is an effort to create a simple (telephony is never simple) and powerful protocol for
next generation telephony systems.
SIP features
SIP is not just about telephony. It's much more that what you expect from phones. SIP means mobility, video, textual call information, file
exchange, instant messaging, presence support and much more!
eXosip2 is free software
As eXosip2 is GPL, you MUST choose to release your SIP applications based on eXosip2 under the GPL license.
For any use of this library beyond the rights granted to you by the GPL license, please contact my company at jack@atosc.org.
With oSIP (which is LGPL), you still have the choice to implement close source application and link with oSIP. For the benefit of the
community (and for your own benefit), please consider implementing your application in GPL.
Still with osip, you have to respect the license terms. Mainly, users of your software must be able to fix bugs in osip themselves. (they
must have the source code, be able to compile it and link your product with the new version.)
Thanks
Thanks to all the contributors and to all bug reporters. Enjoy osip!
Author
Generated automatically by Doxygen for libeXosip2 from the source code.
Version 3.1.0 Sun Jun 24 2012 The eXtented eXosip stack(3)