#6506 NORM Never A: Create a unified login and authenication system across OLPC systems
Zarro Boogs per Child
bugtracker at laptop.org
Wed Apr 9 11:55:26 EDT 2008
#6506: Create a unified login and authenication system across OLPC systems
--------------------------------------+-------------------------------------
Reporter: ixo | Owner: hhardy
Type: enhancement | Status: assigned
Priority: normal | Milestone: Never Assigned
Component: infrastructure-internal | Version:
Resolution: | Keywords:
Verified: 0 | Blocking:
Blockedby: |
--------------------------------------+-------------------------------------
Comment(by hhardy):
Replying to [ticket:6506 ixo]:
> I have accounts on OLPC wiki, teamwiki, dev.laptop.org and
rt.laptop.org. It would be great if all these systems shared the same
login/authenication system, so I can login once for all!
>
> Possible research into
> * OpenID
> * Central Authenication Systems (CAS)
> * OpenCAS
> * LDAP
> * etc...
I see some possible issues with this suggestion:
It does nothing to enhance the security or functionality of our systems.
It bypasses the private-key authentication system now used for shell and
git accounts which I think is considerably more secure than what is
proposed.
It creates a single point of failure for all systems.
It would be extra work to create and maintain.
There is currently no one administrator over all these systems to make the
determination of who would get what privileges.
Lacks granularity.
Not all of these systems are designed to work with LDAP, RADIUS, TACACS
&tc.
Mstone has proposed a security policy server which I think is a more
interesting idea.
Leaving this ticket open for now if there is additional discussion/input.
--
Ticket URL: <http://dev.laptop.org/ticket/6506#comment:3>
One Laptop Per Child <http://laptop.org/>
OLPC bug tracking system
More information about the Bugs
mailing list