projects:authentication

Differences

This shows you the differences between two versions of the page.

projects:authentication [2017-08-26 15:52] (current)
faker created
Line 1: Line 1:
 +===== Authentication =====
  
 +==== Why? ====
 +
 +We will use different tools which require authentication. \\
 +wiki, chat, wlan, ssh logins, nas storage, ...
 +
 +One identity source would be nice.\\
 +Access rights could be granted to groups. 
 +
 +Otherwise we need to create user accounts in every system, manage rolls in every system, ...
 +
 +Username/Password is outdated. MFA solutions provide more security. \\
 +
 +
 +==== Protocols ====
 +
 +  * ldap is supported in most applications
 +  * wireless lan 802.1x uses radius
 +  * MFA OTP solutions are often based on Radius
 +  * certificate based logins would be great (smartcards, virtual smartcards, user certificates)
 +    * a CA could also be used for internal web servers where letsencrypt is not an option 
 +  * kerberos is less supported but more secure
 +  * SAML is often use for cloud services
 +  * TACACS is used for switches an other network devices
 +
 +==== Tools ====
 +
 +=== Directory Operating Systems (iso) ===
 +^Name ^ldap ^radius ^kerberos ^SAML ^TACACS ^ssh key ^CA ^MFA ^self-hosted ^costs / license ^
 +^Distributions which might fit ^^^^^^^^^^^
 +|[[https://www.univention.de/produkte/ucs/|UCS]]      |yes |module |yes |yes |no |ldap voodoo needed |yes, but cli |privacyidea module |yes |core version free |
 +^Distributions with missing featurs ^^^^^^^^^^^
 +|[[https://www.clearos.com|clearos]]                  | |radius not compatible with samba directory, only ldap |samba 4, but beta |no, manual simplesamlphp config | | | | | | |
 +|[[http://www.nethserver.org|nethserver]]             |yes |no? |samba4 | | | | | | | |
 +|[[http://www.zentyal.org|zentyal]]                   |yes |no | | | | | | | |development edition free, open source |
 +|[[http://www.koozali.org|koozali]]                   | |no | | | | | | | | |
 +|Microsoft Active Directory                           |yes |yes |yes |yes |no |no |yes |no |yes |complicated, expensive, closed source |
 +|[[https://www.pfsense.org|pfsense]]                  |no |yes |no |no | | | | | | |
 +
 +=== Directory Applications ===
 +^Name ^ldap ^radius ^kerberos ^SAML ^TACACS ^ssh key ^CA ^MFA ^self-hosted ^costs / license ^
 +^Applications to test ^^^^^^^^^^^
 +|[[https://www.freeipa.org|FreeIPA]]                  | | | | | | | | | | |
 +|[[http://directory.apache.org|Apache Directory]]     | | | | | | | | | | |
 +|[[http://directory.fedoraproject.org|389 Directory]] | | | | | | | | | | |
 +|[[https://oss.gonicus.de|goSA]]                      | | | | | | | | | | |
 +|samba 4                                              | | | | | | | | | | |
 +|openldap+freeradius \\ +phpldapadmin+openssl+...     | | | | | | | | | | |
 +
 +=== MFA ===
 +^Name ^ldap ^radius ^kerberos ^SAML ^TACACS ^ssh key ^CA ^MFA ^self-hosted ^costs / license ^
 +^Applications which might fit ^^^^^^^^^^^
 +^Applications to test ^^^^^^^^^^^
 +|[[https://www.privacyidea.org|privacyidea]]          | | | | | | | | | | |
 +|[[https://www.linotp.org|linotp]]                    | | | | | | | | | | |
 +|[[http://www.rcdevs.com|rcdevs]]                     | | | | | | | | | | |
 +|[[https://duo.com|duo]]                              | | | | | | | | | | |
 +|[[https://authy.com|authy]]                          | | | | | | | | | | |
 +|[[https://www.wikidsystems.com|wikid]]               | | | | | | | | | | |
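Review bot: The comparison tables in the Tools section carry almost no data. Every row under "Directory Applications" and "MFA" is blank, and in the MFA table the "Applications which might fit" header row has nothing under it before "Applications to test" starts. Drop that empty header until there is a candidate, and mark untested cells explicitly (for example with "?") so a blank is not read as "no". In the Protocols list, "kerberos is less supported but more secure" does not say what it is compared with; name the protocol so the kerberos column can be weighed against it. The ssh key cell for UCS, "ldap voodoo needed", should say what has to be configured. Wording fixes for the same pass: "manage rolls" should be "manage roles", "missing featurs" should be "missing features", "SAML is often use" should be "is often used", and "switches an other network devices" should be "switches and other network devices".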
projects/authentication.txt · Last modified: 2017-08-26 15:52 by faker