Security Basics mailing list archives
Re: Multi-Tier logons + Legacy Apps?
From: Kelly Martin <kel () securityfocus com>
Date: Wed, 5 Nov 2003 17:50:06 -0700 (MST)
On Wed, 5 Nov 2003, John Cole wrote:
I'm currently looking for options for multi-tier logons. Currently we have just usernames/passwords. We would like to find options with Smart Cards, USB keys, or the like. The problem we have is we have many legacy applications. Are there any systems out that will auto-fill in a username/password to a system if you have the correct username/password to go with your key?
John,

One approach would be to investigate some client-based single sign-on applications that authenticate legacy apps to a single LDAP or X.509 compatible directory service. I suspect that authenticating legacy apps will be your biggest hurdle, and also the biggest security obstacle to overcome (so many legacy apps out there have widely varying username/pwd lengths and policies). Single sign-on would have to be tested with each legacy app to ensure compatibility, and the only way to do that is one at a time. The advantage is that it can be another layer of security, as the user would authenticate (login) to the directory service and he/she may not even know the username/password of the legacy app they need access to... the client app can handle all that.

Then once you have a common framework for simple authentication you could look at adding multi-factor authentication capabilities on top of that. Smart cards, PKI certificates or biometrics could work.

Depending on whether you use Active Directory, eDirectory or iPlanet as an authentication directory tree, there are some commercial solutions available to do both of the above. These options aren't cheap and are generally positioned for large enterprises, but they'll do what you describe.

--
Kelly Martin
SecurityFocus
kel () securityfocus com
+001-403-261-5468