Difference between revisions of "Single sign-on"

From ProgClub
Jump to: navigation, search
(Reverting spam.)
 
(15 intermediate revisions by 2 users not shown)
Line 1: Line 1:
 
This is the ProgClub Single sign-on project. The idea is that users can login to our systems using a single username and password. For other projects see [[Projects]].
 
This is the ProgClub Single sign-on project. The idea is that users can login to our systems using a single username and password. For other projects see [[Projects]].
  
= Project status =
+
== Project status ==
  
Just barely begun. Have started recording links to information that looks like it might be useful.
+
Done! [[Kerberos]] has been configured on [[charity]], which is the KDC. An NFS share for users' home directories has been configured on [[charity]]. [[Hope]] and [[honesty]] have been configured with an appropriate Kerberos/LDAP/PAM client configuration. Svn access to the read-write member's only version of pcrepo has been secured with Kerberos integration (via Apache and HTTPS).
  
= Links =
+
== Contributors ==
  
== Single sign-on related information ==
+
Members who have contributed to this project. Newest on top.
 +
 
 +
* [[User:John|John]]
 +
 
 +
All contributors have agreed to the terms of the [[ProgClub:Copyrights#ProgClub_projects|Contributor License Agreement]]. This excludes any upstream contributors who tend to have different administrative frameworks.
 +
 
 +
== Copyright ==
 +
 
 +
Copyright 2011, [[Single sign-on#Contributors|Contributors]]. Licensed under the [[New BSD]] license.
 +
 
 +
== Links ==
 +
 
 +
=== Single sign-on related information ===
  
 
* [https://help.ubuntu.com/community/SingleSignOn SingleSignOn]
 
* [https://help.ubuntu.com/community/SingleSignOn SingleSignOn]
  
== Kerberos related information ==
+
=== Kerberos related information ===
  
 
* [https://help.ubuntu.com/community/Kerberos Kerberos]
 
* [https://help.ubuntu.com/community/Kerberos Kerberos]
Line 19: Line 31:
 
** [http://web.mit.edu/Kerberos/krb5-1.9/krb5-1.9.1/doc/krb5-user.html Kerberos V5 UNIX User's Guide]
 
** [http://web.mit.edu/Kerberos/krb5-1.9/krb5-1.9.1/doc/krb5-user.html Kerberos V5 UNIX User's Guide]
 
* [http://web.mit.edu/Kerberos/dialogue.html Designing an Authentication System]
 
* [http://web.mit.edu/Kerberos/dialogue.html Designing an Authentication System]
 +
* [http://www.visolve.com/security/ssh_kerberos.php OpenSSH & Kerberos]
  
== LDAP related information ==
+
=== LDAP related information ===
  
 
* [https://help.ubuntu.com/community/LDAPClientAuthentication LDAPClientAuthentication]
 
* [https://help.ubuntu.com/community/LDAPClientAuthentication LDAPClientAuthentication]
 
* [https://help.ubuntu.com/10.04/serverguide/C/openldap-server.html OpenLDAP Server]
 
* [https://help.ubuntu.com/10.04/serverguide/C/openldap-server.html OpenLDAP Server]
  
== NFS related information ==
+
=== NFS related information ===
  
 
* [https://help.ubuntu.com/community/SettingUpNFSHowTo SettingUpNFSHowTo]
 
* [https://help.ubuntu.com/community/SettingUpNFSHowTo SettingUpNFSHowTo]
  
= Kerberos =
+
== TODO ==
 +
 
 +
Things to do, in rough order of priority:
 +
 
 +
* Investigate MySQL/Kerberos integration
 +
 
 +
== Done ==
 +
 
 +
Stuff that's done. Latest stuff on top.
 +
 
 +
* [[User:John|JE]] 2011-08-16: Integrated svn with Kerberos (via Apache)
 +
* [[User:John|JE]] 2011-08-15: Configured /home mounts for [[Hope_admin#John_2011-08-15_01:32|hope]] and [[Honesty_admin#John_2011-08-15_04:06|honesty]] to [[charity]]:/home
 +
* [[User:John|JE]] 2011-08-15: Configured SSH logins to use Kerberos/LDAP on [[Hope_admin#John_2011-08-14_17:23|hope]] and [[Honesty_admin#John_2011-08-15_03:45|honesty]]
 +
* [[User:John|JE]] 2011-08-15: Configured /home NFS share on [[Charity_admin#John_2011-08-15_00:30|charity]]
 +
* [[User:John|JE]] 2011-08-06: [[Charity_admin#John_2011-08-06_15:30|Installed]] OpenLDAP on [[charity]]
 +
* [[User:John|JE]] 2011-08-04: [[Charity_admin#John_2011-08-04_21:21|Configured]] [[charity]] as the [[Kerberos#KDC_configuration|KDC]]
 +
 
 +
== Kerberos ==
  
* [http://web.mit.edu/Kerberos/krb5-1.9/krb5-1.9.1/doc/krb5-install.html#Ports%20for%20the%20KDC%20and%20Admin%20Services Ports for the KDC and Admin Services]: The default ports used by Kerberos are port 88 for the KDC and port 749 for the admin server.
+
[http://web.mit.edu/Kerberos/krb5-1.9/krb5-1.9.1/doc/krb5-install.html#Ports%20for%20the%20KDC%20and%20Admin%20Services Ports for the KDC and Admin Services]: The default ports used by Kerberos are port 88 for the KDC and port 749 for the admin server.
  
 
See [[Kerberos]] for ProgClub's Kerberos configuration.
 
See [[Kerberos]] for ProgClub's Kerberos configuration.

Latest revision as of 14:18, 1 July 2012

This is the ProgClub Single sign-on project. The idea is that users can login to our systems using a single username and password. For other projects see Projects.

Project status

Done! Kerberos has been configured on charity, which is the KDC. An NFS share for users' home directories has been configured on charity. Hope and honesty have been configured with an appropriate Kerberos/LDAP/PAM client configuration. Svn access to the read-write member's only version of pcrepo has been secured with Kerberos integration (via Apache and HTTPS).

Contributors

Members who have contributed to this project. Newest on top.

All contributors have agreed to the terms of the Contributor License Agreement. This excludes any upstream contributors who tend to have different administrative frameworks.

Copyright

Copyright 2011, Contributors. Licensed under the New BSD license.

Links

Single sign-on related information

Kerberos related information

LDAP related information

NFS related information

TODO

Things to do, in rough order of priority:

  • Investigate MySQL/Kerberos integration

Done

Stuff that's done. Latest stuff on top.

Kerberos

Ports for the KDC and Admin Services: The default ports used by Kerberos are port 88 for the KDC and port 749 for the admin server.

See Kerberos for ProgClub's Kerberos configuration.