I may misundertood the request, but Google (for exemple) provide a way to allow Client side and installed application to authenticate throught Google's API using OpenAUTH 2.0 standards.
Yes you're still needed to use browser interaction etc, but, python as well as ASP.NET are able to handle web request and for the Linux part, Gnome too through the WebKitGTK+ tools.
It may be a lead for your research.
Oh and by the way, about WebServices and OpenID etc, the pam module could be write in Python (for WebServer part) and be integrated to Gnome 3.2 easily (Also Python to modificate Gnome-Keyring API), AND in ASP.NET for the windows side.
But once again, I'm not a specialist of this question, just far interested by. ;-)
It's not the issue of the provider trusting the relying party.
The problem is in that the user has to trust it.
There are, however, three other issues:
Whatever you do, you can't guarantee your user that your pam module doesn't steal his password.
Since there's no unified authentication mechanism among providers, you would still need to display an interactive browser window. I don't think that pam modules can be interactive, though.
The module would have to be a http server in order to be able to receive responses.
It looks like it could do the trick, if you use LDAP.
Ok, the idea of JumpCloud is that they provide the LDAP-to-Google OAUTH connection, so if you setup your system to authenticate through LDAP, but set it to check JumpCloud's LDAP, and not your local system, then you should be able to login using a Google domain account.
发布评论
评论(3)
我可能误解了这个请求,但 Google(例如)提供了一种方法,允许客户端和已安装的应用程序使用 OpenAUTH 2.0 标准通过 Google 的 API 进行身份验证。
正如您在对已安装的应用程序使用 OAuth 2.0 中看到的,甚至在使用设备 OAuth 2.0。
是的,您仍然需要使用浏览器交互等,但是,Python 以及 ASP.NET 都能够处理 Web 请求,对于 Linux 部分,Gnome 也可以通过 WebKitGTK+ 工具处理。
它可能会成为你研究的线索。
哦,顺便说一句,关于 WebServices 和 OpenID 等,pam 模块可以用 Python 编写(用于 WebServer 部分)并轻松集成到 Gnome 3.2(也可以使用 Python 来修改 Gnome-Keyring API),并且可以在 ASP.NET 中编写窗户一侧。
但再说一次,我不是这个问题的专家,只是对此很感兴趣。 ;-)
I may misundertood the request, but Google (for exemple) provide a way to allow Client side and installed application to authenticate throught Google's API using OpenAUTH 2.0 standards.
As you can see in Using OAuth 2.0 for Installed Applications or even more in Using OAuth 2.0 for Devices.
Yes you're still needed to use browser interaction etc, but, python as well as ASP.NET are able to handle web request and for the Linux part, Gnome too through the WebKitGTK+ tools.
It may be a lead for your research.
Oh and by the way, about WebServices and OpenID etc, the pam module could be write in Python (for WebServer part) and be integrated to Gnome 3.2 easily (Also Python to modificate Gnome-Keyring API), AND in ASP.NET for the windows side.
But once again, I'm not a specialist of this question, just far interested by. ;-)
这不是提供者信任依赖方的问题。
问题在于用户必须信任它。
然而,还有其他三个问题:
It's not the issue of the provider trusting the relying party.
The problem is in that the user has to trust it.
There are, however, three other issues:
我找到了这个。
JumpCloud
如果您使用 LDAP,它看起来可以解决这个问题。
好的,JumpCloud 的想法是它们提供 LDAP 到 Google OAUTH 连接,因此,如果您将系统设置为通过 LDAP 进行身份验证,但将其设置为检查 JumpCloud 的 LDAP,而不是您的本地系统,那么您应该能够使用 Google 域帐户登录。
I found this one.
JumpCloud
It looks like it could do the trick, if you use LDAP.
Ok, the idea of JumpCloud is that they provide the LDAP-to-Google OAUTH connection, so if you setup your system to authenticate through LDAP, but set it to check JumpCloud's LDAP, and not your local system, then you should be able to login using a Google domain account.