projects:authentication

Differences

This shows you the differences between two versions of the page.

projects:authentication [2017/08/26 15:52] (current)
faker created
Line 1: Line 1:
 +===== Authentication =====
  
 +==== Why? ====
 +
 +We will use different tools which require authentication. \\
 +wiki, chat, wlan, ssh logins, nas storage, ...
 +
 +One identity source would be nice.\\
 +Access rights could be granted to groups. ​
 +
 +Otherwise we need to create user accounts in every system, manage rolls in every system, ...
 +
 +Username/​Password is outdated. MFA solutions provide more security. \\
 +
 +
 +==== Protocols ====
 +
 +  * ldap is supported in most applications
 +  * wireless lan 802.1x uses radius
 +  * MFA OTP solutions are often based on Radius
 +  * certificate based logins would be great (smartcards,​ virtual smartcards, user certificates)
 +    * a CA could also be used for internal web servers where letsencrypt is not an option ​
 +  * kerberos is less supported but more secure
 +  * SAML is often use for cloud services
 +  * TACACS is used for switches an other network devices
 +
 +==== Tools ====
 +
 +=== Directory Operating Systems (iso) ===
 +^Name ^ldap ^radius ^kerberos ^SAML ^TACACS ^ssh key ^CA ^MFA ^self-hosted ^costs / license ^
 +^Distributions which might fit ^^^^^^^^^^^
 +|[[https://​www.univention.de/​produkte/​ucs/​|UCS]] ​     |yes |module |yes |yes |no |ldap voodoo needed |yes, but cli |privacyidea module |yes |core version free |
 +^Distributions with missing featurs ^^^^^^^^^^^
 +|[[https://​www.clearos.com|clearos]] ​                 | |radius not compatible with samba directory, only ldap |samba 4, but beta |no, manual simplesamlphp config | | | | | | |
 +|[[http://​www.nethserver.org|nethserver]] ​            |yes |no? |samba4 | | | | | | | |
 +|[[http://​www.zentyal.org|zentyal]] ​                  |yes |no | | | | | | | |development edition free, open source |
 +|[[http://​www.koozali.org|koozali]] ​                  | |no | | | | | | | | |
 +|Microsoft Active Directory ​                          |yes |yes |yes |yes |no |no |yes |no |yes |complicated,​ expensive, closed source |
 +|[[https://​www.pfsense.org|pfsense]] ​                 |no |yes |no |no | | | | | | |
 +
 +=== Directory Applications ===
 +^Name ^ldap ^radius ^kerberos ^SAML ^TACACS ^ssh key ^CA ^MFA ^self-hosted ^costs / license ^
 +^Applications to test ^^^^^^^^^^^
 +|[[https://​www.freeipa.org|FreeIPA]] ​                 | | | | | | | | | | |
 +|[[http://​directory.apache.org|Apache Directory]] ​    | | | | | | | | | | |
 +|[[http://​directory.fedoraproject.org|389 Directory]] | | | | | | | | | | |
 +|[[https://​oss.gonicus.de|goSA]] ​                     | | | | | | | | | | |
 +|samba 4                                              | | | | | | | | | | |
 +|openldap+freeradius \\ +phpldapadmin+openssl+... ​    | | | | | | | | | | |
 +
 +=== MFA ===
 +^Name ^ldap ^radius ^kerberos ^SAML ^TACACS ^ssh key ^CA ^MFA ^self-hosted ^costs / license ^
 +^Applications which might fit ^^^^^^^^^^^
 +^Applications to test ^^^^^^^^^^^
 +|[[https://​www.privacyidea.org|privacyidea]] ​         | | | | | | | | | | |
 +|[[https://​www.linotp.org|linotp]] ​                   | | | | | | | | | | |
 +|[[http://​www.rcdevs.com|rcdevs]] ​                    | | | | | | | | | | |
 +|[[https://​duo.com|duo]] ​                             | | | | | | | | | | |
 +|[[https://​authy.com|authy]] ​                         | | | | | | | | | | |
 +|[[https://​www.wikidsystems.com|wikid]] ​              | | | | | | | | | | |
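Review bot: In the Why? section, "manage rolls in every system" should read "roles", and the same pass should fix "SAML is often use" and "switches an other network devices" in Protocols and "missing featurs" in the first Tools table. In Protocols, "kerberos is less supported but more secure" does not say what it is being compared with; naming the baseline would make the claim checkable. The MFA table has an empty "Applications which might fit" header row directly above "Applications to test", and its own MFA column is redundant in that table; drop or fill the empty row. Several external links (nethserver, zentyal, koozali, Apache Directory, 389 Directory, rcdevs) use http while the rest use https; link them consistently over https where the sites support it.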
projects/authentication.txt · Last modified: 2017/08/26 15:52 by faker