What are you folks using for self-hosted single sign-on?

I have my little LDAP server (lldap is fan-fucking-tastic – far easier to work with than OpenLDAP, which gave me nothing but heartburn). Some applications can be configured to work with it directly; several don’t have LDAP account support. And, ultimately, it’d be nice to have SSO - having the same password everywhere is great, but having to sign in only once (per day or week, or whatever) would be even nicer.

There are several self-hosted Auth* projects; which is the simplest and easiest? I’d really just like a basic start-it-up, point it at my LDAP server, and go. Fine-grained ACLs and RBAC support is nice and all, but simplicity trumps in my case. Configuring these systems is, IME, a complex process, with no small number of dials to turn.

A half dozen users, and probably only two groups: admin, and everyone else. I don’t need fancy. OSS, of course. Are there any of these projects that fit that bill? It would seem to be a common use case for self-hosters, who don’t need all the bells and whistles of enterprise-grade solutions.

  • Don’t you threaten me with Kerberos. I used to have to deal with that crap decades ago; I disliked it then, and unless it’s gotten dramatically easier to work with, it’s not an option for me now.

    I hadn’t heard specifically about samba4ad, but Kerberos on LDAP (and, originally, I think, on OLAP) I’m familiar with.

    I like LDAP in concept, but after using OpenLDAP for a few years, when my network evolved, OpenLDAP evolved out of it. It may have been secure, but a more horribly difficult-to-debug piece of software I’ve rarely met. LLDAP has changed all that, and allowed me to start using LDAP again; it may be less capable, but OpenLDAP was overkill for home gamers. LLDAP is juuuust right.

    Accidentally enabling SSO sounds like a big fish tale. SSO is usually a PITA to configure and set up. Even commercial software offerings are byzantine.