Cross-domain authentication using identity.kde.org

Alexander Potashev aspotashev at gmail.com
Sun Apr 27 10:32:54 UTC 2014


2014-04-25 15:11 GMT+04:00 Ben Cooksley <bcooksley at kde.org>:
> On Fri, Apr 25, 2014 at 7:01 AM, Alexander Potashev
> <aspotashev at gmail.com> wrote:
>> I'm going to create a new KDE-related web service to coordinate
>> translators into Russian. To minimize the number of web accounts
>> people have I would like to avoid storing passwords on my server.
>> Instead, it sounds promising to use authentication through
>> identity.kde.org, like you did at forum.kde.org.
>>
>> I need advice on how to implement this. Thanks!
>
> At the moment this is conducted using standard LDAP login procedures.
>
> There are plans at some point to shift to a custom, secure login
> protocol which would allow performing SSO - and ensure that only
> Identity was responsible for taking usernames / passwords and
> validating them.
>
> If you need any other details, please let me know.

Hi Ben,

Does the usage of LDAP login mean that the web application behind
forum.kde.org receives my login and password? This sounds insecure: if
someone hacks forum.kde.org, he could get all the passwords of people
who log in to the forum. And what if someone uses two-factor
authentication at identity.kde.org - can they log in to the forum with
just the primary password?

-- 
Alexander Potashev

