Security Basics mailing list archives

Re: Multi-Tier logons + Legacy Apps?


From: Kelly Martin <kel () securityfocus com>
Date: Wed, 5 Nov 2003 17:50:06 -0700 (MST)

On Wed, 5 Nov 2003, John Cole wrote:

I'm currently looking for options for multi-tier logons.  Currently we have
just usernames/passwords.  We would like to find options with Smart Cards,
USB keys, or the like.  The problem we have is we have many legacy
applications.  Are there any systems out that will auto-fill in a
username/password to a system if you have the correct username/password to
go with your key?

John,

One approach would be to investigate some client-based single sign-on
applications that authenticate legacy apps to a single LDAP or X.509
compatible directory service. I suspect that authenticating legacy apps
will be your biggest hurdle, and also the biggest security obstacle to
overcome (so many legacy apps out there have widely varying username/pwd
lengths and policies).  Single sign-on would have to be tested with each
legacy app to ensure compatibility, and the only way to do that is one at
a time. The advantage is that it can be another layer of security, as the
user would authenticate (login) to the directory service and he/she may
not even know the username/password of the legacy app they need access
to... the client app can handle all that.

Then once you have a common framework for simple authentication you could
look at adding multi-factor authentication capabilities on top of that.
Smart cards, PKI certificates or biometrics could work.

Depending on whether you use Active Directory, eDirectory or iPlanet as an
authentication directory tree, there are some commercial solutions
available to do both of the above. These options aren't cheap and are
generally positioned for large enterprises, but they'll do what you
describe.

-- Kelly Martin SecurityFocus kel () securityfocus com +001-403-261-5468
