LDAP and passwords
Christopher Browne
cbbrowne-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org
Thu Jul 30 20:18:33 UTC 2009
On Thu, Jul 30, 2009 at 11:26 AM, Darryl Moore<darryl-90a536wCiRb3fQ9qLvQP4Q at public.gmane.org> wrote:
> Unfortunately every time they change password they also need to change
> their clients. specifically Evolution/Thunderbird and the Firefox Weave
> plugin. Is there any way that this can be done automatically so that
> changing ones password does not have to become a multistep affair?
Unfortunately, if the clients are individually managing passwords,
then there is no way for this NOT to be a "multistep affair."
You'd need to have some sort of centralized "client authentication manager."
It's worth observing that Apple built such a thing for MacOS, called
Keychain. Curiously, portions of it represent an implementation of
CSDA (Common Data Security Architecture), an Open Group framework
which, interestingly enough, has code available at SourceForge.
http://en.wikipedia.org/wiki/Keychain_(Mac_OS)
http://www.opengroup.org/security/cdsa.htm
http://sourceforge.net/projects/cdsa/
It strikes me that it would be more appropriate for these sorts of
applications to use Kerberos as an authentication management system.
For better or worse, applications don't tend to do so.
--
http://linuxfinances.info/info/linuxdistributions.html
Samuel Goldwyn - "I'm willing to admit that I may not always be
right, but I am never wrong." -
http://www.brainyquote.com/quotes/authors/s/samuel_goldwyn.html
--
The Toronto Linux Users Group. Meetings: http://gtalug.org/
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists
More information about the Legacy
mailing list