that interesting - does that mean an institution has to buy a CAL for its
IdP if the IdP talks to AD via LDAP? But the users who access the IdP from
home via browsers/hardware not owned by the institution are covered by the
IdP's CAL?
Alistair
--
mov eax,1
mov ebx,0
int 80h
> Pete
>
> If you use AD for authenticating to Shibboleth from a device not owned
> by your University/College you theoretically need to buy a Windows
> Client Access Licence (CAL) for that device. Campus (MCA) only covers
> you for using AD from institutionally owned devices. In reality it is not
> practical to do this so Microsoft 'allow' you to buy an external
> connector licence. You would need to buy one for each of your domain
> controllers (unless you configure LDAP to only use a subset of them).
> They're not that expensive. It doesn't matter that you are using LDAP
> rather than NTLM.
>
> Some people have tried to argue that it is the Shibboleth server that is
> doing the authentication and that you therefore only need to licence the
> one device, i.e. the server. However this is called 'multiplexing' in MS
> licensing parlance and is explicitly forbidden :-)
>
> Cheers
>
> Nigel
>
> Nigel Bruce
> Service Group Leader
> Information Systems Services
> University of Leeds
> LEEDS, LS2 9JT
> Tel. 0113 343 5384
>
> -----Original Message-----
> From: Discussion list for Shibboleth developments
> [mailto:[log in to unmask]] On Behalf Of Steve Prentice
> Sent: 29 April 2008 12:41
> To: [log in to unmask]
> Subject: Re: AD, IdPs and MS licensing
>
> Hi Pete,
>
> I just read your email with interest and am not sure if there were any
> replies?
>
> My assumption is that shibboleth (or the associated technologies running
> an IdP) only use an LDAP lookup against AD, so wouldn't need any type of
> licensing?
>
> Cheers,
>
> Steve
> Richard Huish College
>
> -----Original Message-----
> From: Discussion list for Shibboleth developments
> [mailto:[log in to unmask]] On Behalf Of Pete Lettin
> Sent: 25 April 2008 09:44
> To: [log in to unmask]
> Subject: Re: AD, IdPs and MS licensing
>
> Hi,
>
> We are currently trying to install a shibboleth test server
> authenticating against AD.
>
> Did you ever get any information about MS licensing, do we need an
> external connector license for shibboleth?
>
> Pete :-)
>
> Pete Lettin
>
> Senior Network Engineer
> Doncaster College
>