Slightly off subject but...
Does this also apply to home users accessing web services requiring authentication against AD. e.g. an externally available "intranet"?
Is this any different with IIS or apache?
Pete :-)
Pete Lettin
Senior Network Engineer
Apple Helpdesk Support
Corporate IT Services
Doncaster College
Tel: +44(0)1302 553579
Fax: +44(0)1302 553568
-----Original Message-----
From: Discussion list for Shibboleth developments [mailto:[log in to unmask]] On Behalf Of Nigel Bruce
Sent: 29 April 2008 16:27
To: [log in to unmask]
Subject: Re: AD, IdPs and MS licensing
No, the exact opposite :-)
-----Original Message-----
From: Discussion list for Shibboleth developments
[mailto:[log in to unmask]] On Behalf Of Alistair Young
Sent: 29 April 2008 16:14
To: [log in to unmask]
Subject: Re: AD, IdPs and MS licensing
that interesting - does that mean an institution has to buy a CAL for
its IdP if the IdP talks to AD via LDAP? But the users who access the
IdP from home via browsers/hardware not owned by the institution are
covered by the IdP's CAL?
Alistair
--
mov eax,1
mov ebx,0
int 80h
> Pete
>
> If you use AD for authenticating to Shibboleth from a device not owned
> by your University/College you theoretically need to buy a Windows
> Client Access Licence (CAL) for that device. Campus (MCA) only covers
> you for using AD from insititionally owned devices. In reality it is
> not practical to do this so Microsoft 'allow' you to by an external
> connector licence. You would need to buy one for each of your domain
> controllers (unless you configure LDAP to only use a subset of them).
> They're not that expensive. It doesn't matter that you are using LDAP
> rather than NTLM.
>
> Some people have tried to argue that it is the Shibboleth server that
> is doing the authentication and that you therefore only need to
> licence the one device, i.e. the server. However this is called
> 'multiplexing' in MS licensing parlance and is explicitly forbidden
> :-)
>
> Cheers
>
> Nigel
>
> Nigel Bruce
> Service Group Leader
> Information Systems Services
> University of Leeds
> LEEDS, LS2 9JT
> Tel. 0113 343 5384
>
>
>
>
>
> -----Original Message-----
> From: Discussion list for Shibboleth developments
> [mailto:[log in to unmask]] On Behalf Of Steve Prentice
> Sent: 29 April 2008 12:41
> To: [log in to unmask]
> Subject: Re: AD, IdPs and MS licensing
>
> Hi Pete,
>
> I just read your email with an interest and not sure if there were any
> replies?
>
> My assumption is that shibboleth (or the associated technologies
> running an IdP) only use an LDAP lookup against AD, so wouldn't need
> any type of licensing?
>
> Cheers,
>
> Steve
> Richard Huish College
>
> -----Original Message-----
> From: Discussion list for Shibboleth developments
> [mailto:[log in to unmask]] On Behalf Of Pete Lettin
> Sent: 25 April 2008 09:44
> To: [log in to unmask]
> Subject: Re: AD, IdPs and MS licensing
>
> Hi,
>
> We are currently trying to install a shibboleth test server
> authenticating against AD.
>
> Did you ever get any information about MS licensing, do we need an
> external connector license for shibboleth?
>
> Pete :-)
>
> Pete Lettin
>
> Senior Network Engineer
> Doncaster College
>
> Please consider the environmental impact of needlessly printing this
> e-mail
>
>
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
> +++++++
> This email is confidential and intended solely for the use of the
> individual to whom it is addressed. Any views or opinions made are
> solely those of the author and may not necessarily represent those of
> Richard Huish College.
>
> If you are not the intended recipient, be advised that you have
> received this email in error and that any use, dissemination,
> forwarding, printing or copying of this email is strictly prohibited.
> Please delete it and advise the sender directly.
>
> All email leaving and entering the College is electronically scanned
> for viruses, SPAM, and other content that does not meet the College's
> Acceptable Use Policy and may be automatically rejected or isolated
> for inspection.
>
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
> +++++++
>
|