This shows you the differences between two versions of the page.
— |
projects:authentication [2017-08-26 15:52] (current) faker created |
||
---|---|---|---|
Line 1: | Line 1: | ||
+ | ===== Authentication ===== | ||
+ | ==== Why? ==== | ||
+ | |||
+ | We will use different tools which require authentication. \\ | ||
+ | wiki, chat, wlan, ssh logins, nas storage, ... | ||
+ | |||
+ | One identity source would be nice.\\ | ||
+ | Access rights could be granted to groups. | ||
+ | |||
+ | Otherwise we need to create user accounts in every system, manage rolls in every system, ... | ||
+ | |||
+ | Username/ | ||
+ | |||
+ | |||
+ | ==== Protocols ==== | ||
+ | |||
+ | * ldap is supported in most applications | ||
+ | * wireless lan 802.1x uses radius | ||
+ | * MFA OTP solutions are often based on Radius | ||
+ | * certificate based logins would be great (smartcards, | ||
+ | * a CA could also be used for internal web servers where letsencrypt is not an option | ||
+ | * kerberos is less supported but more secure | ||
+ | * SAML is often use for cloud services | ||
+ | * TACACS is used for switches an other network devices | ||
+ | |||
+ | ==== Tools ==== | ||
+ | |||
+ | === Directory Operating Systems (iso) === | ||
+ | ^Name ^ldap ^radius ^kerberos ^SAML ^TACACS ^ssh key ^CA ^MFA ^self-hosted ^costs / license ^ | ||
+ | ^Distributions which might fit ^^^^^^^^^^^ | ||
+ | |[[https:// | ||
+ | ^Distributions with missing featurs ^^^^^^^^^^^ | ||
+ | |[[https:// | ||
+ | |[[http:// | ||
+ | |[[http:// | ||
+ | |[[http:// | ||
+ | |Microsoft Active Directory | ||
+ | |[[https:// | ||
+ | |||
+ | === Directory Applications === | ||
+ | ^Name ^ldap ^radius ^kerberos ^SAML ^TACACS ^ssh key ^CA ^MFA ^self-hosted ^costs / license ^ | ||
+ | ^Applications to test ^^^^^^^^^^^ | ||
+ | |[[https:// | ||
+ | |[[http:// | ||
+ | |[[http:// | ||
+ | |[[https:// | ||
+ | |samba 4 | | | | | | | | | | | | ||
+ | |openldap+freeradius \\ +phpldapadmin+openssl+... | ||
+ | |||
+ | === MFA === | ||
+ | ^Name ^ldap ^radius ^kerberos ^SAML ^TACACS ^ssh key ^CA ^MFA ^self-hosted ^costs / license ^ | ||
+ | ^Applications which might fit ^^^^^^^^^^^ | ||
+ | ^Applications to test ^^^^^^^^^^^ | ||
+ | |[[https:// | ||
+ | |[[https:// | ||
+ | |[[http:// | ||
+ | |[[https:// | ||
+ | |[[https:// | ||
+ | |[[https:// |
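Review bot: in the MFA table the "Applications which might fit" header row is followed directly by "Applications to test" with no entries between them, so either drop the empty header or move the candidates that belong under it. In the Directory Applications table the samba 4 row has every capability cell empty; fill in the columns or mark the row as not yet evaluated, so that it does not read as "supports nothing". In the Protocols list, "kerberos is less supported but more secure" should say which protocol it is being compared with and in what respect, since the tables below are meant to drive a choice. Wording fixes for the same revision: "manage rolls in every system" should be "roles" (Why? section), "is often use" should be "is often used" and "an other network devices" should be "and other network devices" (Protocols list), and "missing featurs" should be "missing features" (Directory Operating Systems table).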