Caleb,
Thanks very much, that all makes perfect sense - I was worried that I
missed something.
/rod
----- Original Message -----
From: "caleb racey" <[log in to unmask]>
To: <[log in to unmask]>
Sent: Tuesday, January 15, 2008 10:58 AM
Subject: Re: Shibboleth and Active Directory
We used pubcookie because:
1) we already had it as a sso system prior to working with shib
2) we prefer a "proper" web form login rather than the horrible grey
box pop up authentication offered by BASIC authentication
3) Pubcookie is readily clusterable (we have 2 login server physically
separated)
4) Pubcookie can talk to the active directory via either ldap or
Kerberos giving us flexibility in authentication techniques (handy when
a Microsoft update temporarily breaks one approach)
Pubcookie works as part of our shibboleth install. When we deploy shib
2.0 we will review whether we need a separate login service like
Pubcookie or not.
|