Login or Register to Ask a Question and Join Our Community


UNIX for Advanced & Expert Users

Problem: Single Sign On for linux

Login to Discuss or Reply to this Discussion in Our Community

 
Thread Tools Search this Thread
Top Forums UNIX for Advanced & Expert Users Problem: Single Sign On for linux
# 1  
Old 07-21-2009
Problem: Single Sign On for linux
Hi gurus,
I'd like to know your opions about Single Sign On (SSO) for linux (Debian). In my company, clients want to access to different services (FTP, HTTP, Mail, Web Applications ). I think about OpenLDAP and Proxy (Squid, Vulture) to resolve this problem but i'm not sure if they can. Are there others solutions for this SSO problem ? The more secure, the better it is.
Any suggestion will be welcome and thankful.
Kind regards,
Thanh Dat
Login or Register to Ask a Question

Previous Thread | Next Thread

8 More Discussions You Might Find Interesting

1. UNIX for Advanced & Expert Users

Linux expand dollar sign in single quotes

I am trying to get a dollar sign variable to be expanded in single quotes. Not sure what I am doing wrong. I have tried every way I can think of. for i in `cat file1` do for j in `cat file2` do ssh $i 'systemctl is-enabled "${j}" '; done done... (4 Replies)
Discussion started by: cokedude
4 Replies

2. UNIX for Advanced & Expert Users

Linux dollar sign in front of directory

I'm looking at a config file with dollar signs. What do the dollar signs mean in front of a directory? dir = ./demoCA # Where everything is kept certs = $dir/certs # Where the issued certs are kept crl_dir = $dir/crl # Where the issued crl are kept new_certs_dir = $dir/newcerts # default... (1 Reply)
Discussion started by: cokedude
1 Replies

3. Cybersecurity

differences between Shibboleth and Single Sign On

Could someone please explain to me the difference between Shibboleth and Single Sign On? How are they related? Thank you! (1 Reply)
Discussion started by: onlinelearner02
1 Replies

4. Linux

Linux command to find and replace occurance of more than two equal sign with "==" from XML file.

Please help me, wasted hrs:wall:, to find this soulution:- I need a command that will work on file (xml) and replace multiple occurrence (more than 2 times) Examples 1. '===' 2. '====' 3. '=======' should be replaced by just '==' Note :- single character should be replaced. (=... (13 Replies)
Discussion started by: RedRocks!!
13 Replies

5. Solaris

Solaris Single Sign on options

We are looking for implementing solaris single sign on with AD in our environment which as few hundred Solaris hosts and couple of hundred solaris zones ..IS there any third party software for the same or we can do it by just making the solaris servers as AD clients ? Any help is appreciated. (1 Reply)
Discussion started by: fugitive
1 Replies

6. UNIX for Dummies Questions & Answers

Sign up address for linux forum eNews

Does anyone have this handy Thanks (0 Replies)
Discussion started by: 77yrold
0 Replies

7. UNIX for Dummies Questions & Answers

are dropped packets a sign of network problem?

in a xen environment , i see a lot op dropped packets via netstat -i Is this a sign of network problems, or is it normal to see this kind of numbers? i'm not sure how to interprete the data. is this normal, bad, critical. What are your stats on this? I guess i have a xen issue of some sort,... (1 Reply)
Discussion started by: progressdll
1 Replies

8. Shell Programming and Scripting

Sign on/Sign off logging script

I'd like to make a script that I can execute every time I sign on to my linux box that keeps track of the time and allows to me to add a remark to a file. So basically once I log in, I run the script, and it outputs the date and time to a text file (log.txt). But that isn't my problem. I need... (1 Reply)
Discussion started by: Glider
1 Replies
Login or Register to Ask a Question

LEARN ABOUT OSX

krbservicesetup

krbservicesetup(8)					    BSD System Manager's Manual 					krbservicesetup(8)

NAME

     krbservicesetup -- Kerberos -- Open Directory Single Sign On

SYNOPSIS

     krbservicesetup [-r REALM] -a admin_name [-p password] [-t keytab] [-f setup_file] [service_type service_principal]

DESCRIPTION

     krbservicesetup is used by sso_util to configure Kerberized services on the current host. It uses kadmin to add service principals to the KDC
     database and create the krb5.keytab file. And then edits/creates the config files of the given service to use the proper service principal.
     krbservicesetup knows how to configure the FTP, AFP, POP, IMAP, SMTP and SSH services shipped by Apple in Mac OS X 10.3 krbservicesetup takes
     either a service_type, service_principal pair or a plist file with a list of services to configure. The plist file also allows more control
     over the options used when creating the principals.

     krbservicesetup arguments:

     -x       Use kadmin.local instead of kadmin.

     -r REALM
	      The Kerberos realm of the server

     -a admin_name
	      Name of an administrator with priveleges to add principals to the KDC

     -p password
	      Password for the above user

     -t keytab
	      The path of the keytab file to write

     -f setup_file
	      The path of the plist file containing the list of services to be configured

     service_type service_principal
	      A single service to configure

     The service_types understood by krbservicesetup are:

     afp      Apple Filing Protocol

     ftp      File Transfer Protocol

     imap     IMAP mail protocol

     pop      POP mail protocol

     smtp     SMTP mail protocol

     ssh      Secure Shell

     The plist file format used by krbservicesetup consists of a couple of optional boolean flag items and an array of dictionaries representing
     the services to be configured.

     noConfig - Boolean
	      Flag indicating that just the service principals should be created in the KDC

     configOnly - Boolean
	      Flag indicating that the services need to be configured

     Services - array of dictionaries
	      Array of service dictionaries to be configured

	      serviceType - string
		       Type of the service (see above for definitions)

	      servicePrincipal - string
		       Kerberos principal name for the service

	      option - Boolean
		       Options passed on to the add_princ command within kadmin If the boolean value is true, the option passed to kadmin is the
		       option name with a '+' prepended. If the value is false a '-' is prepended

	      option - string
		       Options passed on to the add_princ command within kadmin If the key is foo and the string value is bar then the option
		       passed in the add_princ command is "-foo bar"

     The options for the add_princ command are detailed in the man page for kadmin Some of the possibly options are restricted specifically the pw
     and needchange commands are ignored. Every service principal is generated with the randkey option.

FILES

     /etc/krb5.keytab		    The file where Kerberos stores the service principals for the services on this host

DIAGNOSTICS

     You can add -v debug_level to the krbservicesetup command. Debug level 1 provides status information, higher levels add progressivly more
     levels of detail.

EXAMPLES

     It is better to use the configure command in sso_util to configure multiple services. Here is an example of using krbservicesetup to config-
     ure a FTP server in the realm FOO.ORG

     krbservicesetup -r FOO.ORG -a admin -p password ftp ftp/myhost.foo.org@FOO.ORG

     (the above should be all on one line)

NOTES

     The krbservicesetup tool is used by the Apple Single Sign On system to set up Kerberized services integrated with the rest of the Single Sign
     On components.

SEE ALSO

     kadmin(8), kdcsetup(8), sso_util(8)

Darwin								   June 2, 2019 							    Darwin