Hello SP> I think your suggestion of chained authentication methods and filters SP> would be the way to go. The two most common ways of interacting with SP> Fedora are through a web interface (which can be protected by SP> Shibboleth) and at the command line, which could be protected by an Xml SP> user file, an ldap server, or any other credential store that's SP> available locally and configurable in JAAS. Command line access is SP> generally for management and administration, and as such, would usually SP> be restricted to a small number of users; web access is more typical of SP> the world at large, and lends itself better to SSO.
Thanks for the explanation. The lack of SSO support in command line applications should have been an indication that it wasn't widely considered to be a good idea. That said, there is a (Shibboleth only) SSO client library: https://wiki.shibboleth.net/confluence/display/SHIB2/ECP I discovered afterwards that it is possible to make SSO optional, which took away most of my worries. Swithun. -- The University of St Andrews is a charity registered in Scotland: SC013532 ------------------------------------------------------------------------------ Xperia(TM) PLAY It's a major breakthrough. An authentic gaming smartphone on the nation's most reliable network. And it wants your games. http://p.sf.net/sfu/verizon-sfdev _______________________________________________ Fedora-commons-users mailing list Fedora-commons-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/fedora-commons-users
