RE: Single Sign On

["Drew Hunt" <Drew () Valleymed org>]

About a year ago we look at a couple of SSO options.
At work we have over 30 applications that require usernames and passwords. It is painful. 

one vendor was www.truesystems.com they had a simple elegant interface that allows fast user switching and thin client 
and PC support. Supported windows/novell/unix, web based applications, terminal emulation programs and such. It was 
very nice. They came out to our site and within a half a day had the 15 systems working with their SSO. No expensive, 
painful TCL scripts to write. Very simple.

We also looked at http://www.protocom.com/. They have about the same features and supported all of our applications. 
What was cool about this vendor was that they leveraged Active Directory and they didn't require a different "password 
database" server. They stored all systems usernames and passwords as attributed of the user in AD. It was very cool. 
Lots of flexibility. Could store the 100 web usernames and passwords that I use as well. Had same functionality as the 
vendor above and also did an on-site demo.

We haven't implemented anything yet but they are options to give you ideas. If you have lots of apps and platforms to 
support these actually work but they are on the spendy side. Not as spendy as the 200 daily passwords resets by the 
help desk. 

HTH
Drew

-----Original Message-----
From: Trevor Cushen [mailto:Trevor.Cushen () sysnet ie]
Sent: Monday, March 10, 2003 9:19 AM
To: security-basics () securityfocus com
Subject: Single Sign On

Has anyone successfully implemented a single sigh on solution in a Unix
/ Windows environment?

If so could you send on product details or a URL to a guide please.

NOT Web based, I know there are a few web based solutions but I need it
in an enterprise with Windows NT and up, Linux servers and MS-SQL.
Client has one logon only or single sign on.

I am looking at kerberos so if I am going down the wrong track please
let me know.

Many thanks
Trevor Cushen