From owner-freebsd-questions@FreeBSD.ORG  Fri Jul 17 20:46:33 2009
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 69B21106564A
	for <freebsd-questions@freebsd.org>;
	Fri, 17 Jul 2009 20:46:33 +0000 (UTC)
	(envelope-from seklecki@noc.cfi.pgh.pa.us)
Received: from mx04.pub.collaborativefusion.com
	(mx04.pub.collaborativefusion.com [206.210.72.84])
	by mx1.freebsd.org (Postfix) with ESMTP id 2F1E48FC12
	for <freebsd-questions@freebsd.org>;
	Fri, 17 Jul 2009 20:46:33 +0000 (UTC)
	(envelope-from seklecki@noc.cfi.pgh.pa.us)
Received: from [192.168.2.161] ([206.210.89.202])
	by mx04.pub.collaborativefusion.com (StrongMail Enterprise
	4.1.1.4(4.1.1.4-47689)); Fri, 17 Jul 2009 16:30:07 -0400
X-VirtualServerGroup: Default
X-MailingID: 00000::00000::00000::00000::::2
X-SMHeaderMap: mid="X-MailingID"
X-Destination-ID: freebsd-questions@freebsd.org
X-SMFBL: ZnJlZWJzZC1xdWVzdGlvbnNAZnJlZWJzZC5vcmc=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed;
	d=noc.cfi.pgh.pa.us; s=noc_cfi_pgh_pa_us_key_dkim; l=575;
	t=1247862607; i=@noc.cfi.pgh.pa.us; h=Subject:From:To:Cc:
	In-Reply-To:References:Content-Type:Date:Message-Id:Mime-Version:
	X-Mailer:Content-Transfer-Encoding; bh=sn+PDbcoMGJEHiQX5Mun+ZG2g
	a0=; b=FLTnIeTXGX9tMKGLy5cxDcit1yRDHioMYvV0FlrZevj3wavn+74IAUxdM
	H2qgzWXqe3ZJ+/xWQQAho5tGObfsQBut3gQGfvz2H3vaUF3efVdxk/tNd9jLfEVY
	zOWNfFd
From: "Brian A. Seklecki" <seklecki@noc.cfi.pgh.pa.us>
To: John Almberg <jalmberg@identry.com>
In-Reply-To: <9AA14F8C-6061-4E64-895A-C8D047F40A74@identry.com>
References: <9AA14F8C-6061-4E64-895A-C8D047F40A74@identry.com>
Content-Type: text/plain
Date: Fri, 17 Jul 2009 16:46:24 -0400
Message-Id: <1247863584.10382.14639.camel@soundwave.ws.pitbpa0.priv.collaborativefusion.com>
Mime-Version: 1.0
X-Mailer: Evolution 2.26.2 (2.26.2-1.fc11)
Content-Transfer-Encoding: 7bit
Cc: freebsd-questions@freebsd.org
Subject: Re: SSO solution in ports?
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 17 Jul 2009 20:46:33 -0000

On Thu, 2009-07-16 at 10:52 -0400, John Almberg wrote:
> I am trying to build a set of web applications that are accessed  
> through a web portal that uses a Single Sign On (SSO) solution.  

Combine your SSO (LDAP mostly, Kerberos is a waking nightmare) with a
2FA/TFA (Second Factor Authentication) solution such as grid cards,
FOBs, or an OTP password list.

I recommend Entrust IdentityGuard.   Our pam_radius works fine with it,
and web application can run NSS functionality out of LDAP and PAM
functionality out of Entrust's SOAP-XML Authentication API. 

 ~BAS