Projekt SSO: Difference between revisions
| Line 27: | Line 27: | ||
| Open ldap provides user management, but can also be used for many other things, like certificate store or address managemen | Open ldap provides user management, but can also be used for many other things, like certificate store or address managemen | ||
| For secure communication between LDAP server and client, an SSL connection can be used. This means we also need a key/certificate management. The same can be used for other services that use SSL, like HTTPS for webservers or openvpn. | For secure communication between LDAP server and client, an SSL connection can be used. This means we also need a key/certificate management. The same can be used for other services that use SSL, like HTTPS for webservers or openvpn. | ||
| OpenLDAP can be run on the same host as samba or on a different host. I want to use the QNAP NAS since I expect it to have more uptime and I want to run the samba AD there too as soon as it is available. OpenLDAP is available as a QPKG on the NAS. | |||
| === Certificate Management (PKI) === | === Certificate Management (PKI) === | ||
| see [[Projekt_PKI]] | see [[Projekt_PKI]] | ||
Revision as of 16:26, 30 March 2014
Samba 4
Goal is to have single signon (SSO) with open source software for as much services as possible. Since SSO for windows services needs a windows domain controller and Samba 4 provides one, this seems to be the only way to go.
In the end, I want all services to be run on the low power QNAP NAS. This is not possible yet, because samba 4 will only be available on the next QNAP OS 4.1. In the mean time I'll implement it on the opensuse server.
SSO Services
- login on all linux and windows devices, including servers, NAS and notebooks
- windows shares
- samba shares on linux servers and qnap NAS
- wiki
- bugtracker (trac)
- databases (mysql, db2)
- more webservices
Subprojects
Samba needs some backend technology to work. Right now, I know of user management and domain name service. User management could be handled by samba internally, but not all sso services support samba users as identity provider. A common user id management that is supported by many services directly or indirectly is LDAP. Samba, openSUSE linux and e.g. DB2 support it natively, others via PAM or other services.
Open LDAP
Open ldap provides user management, but can also be used for many other things, like certificate store or address managemen For secure communication between LDAP server and client, an SSL connection can be used. This means we also need a key/certificate management. The same can be used for other services that use SSL, like HTTPS for webservers or openvpn.
OpenLDAP can be run on the same host as samba or on a different host. I want to use the QNAP NAS since I expect it to have more uptime and I want to run the samba AD there too as soon as it is available. OpenLDAP is available as a QPKG on the NAS.
Certificate Management (PKI)
see Projekt_PKI