[Freeipa-users] FreeIPA and Application Specific Passwords
Dmitri Pal
dpal at redhat.com
Thu Feb 19 16:23:34 UTC 2015
On 02/19/2015 05:06 AM, Jan Pazdziora wrote:
> On Wed, Feb 18, 2015 at 04:06:39PM -0800, Martin Minkus wrote:
>> Except where we don't want single sign on, and separate passwords are
>> advantageous or even required:
>>
>> - Web logins
> Could you elaborate on the use cases when you'd want your users to log
> in using their passwords on a Web login, instead of using SSO, be it
> Kerberos or SAML? Is that purely the application not supporting it
> or are there some other reasons (you say "we don't want single sign
> on" which sounds like a political or compliance issue, not technical
> one).
>
IMO the case is:
I have a phone and a tablet and a laptop.
I do not want to use one password for all three.
On the phone and tablet people save their passwords so I do not want to
have same password cached on all devices. I want to have a password per
device.
IMO the way to go is certs rather than passwords.
We are not there yet but with upcoming changes we will get much closer.
--
Thank you,
Dmitri Pal
Sr. Engineering Manager IdM portfolio
Red Hat, Inc.
More information about the Freeipa-users
mailing list