The Lounge is rated Safe For Work. If you're about to post something inappropriate for a shared office environment, then don't post it. No ads, no abuse, and no programming questions. Trolling, (political, climate, religious or whatever) will result in your account being removed.
Government can give you nothing but what it takes from somebody else. A government big enough to give you everything you want is big enough to take everything you've got, including your freedom.-Ezra Taft Benson
You must accept 1 of 2 basic premises: Either we are alone in the universe or we are not alone. Either way, the implications are staggering!-Wernher von Braun
I started to try to write a joke about someone asking for their password to be set to "there" and communication being a routine about there/their/they're, and where the guy points to being a peice of paper he pointing to.
A system I worked on encrypted the password given on the login window and passed it to a component running on an app server which held it in memory for up to 8 hours. All the apps at startup would pass the userid to the app server to get the password. If the password was returned, it decrypted it and logged into the database, bypassing the login window. This allowed the user to only have to type their password once per day. The userid was filled in for them using WNetGetUser.
Sounds like something similar to Kerberos. Maybe it was Kerberos.
Kerberos (developed at MIT) is an extremely well designed single-sign-on system that really could deserve to become a great success. It was one of the flagships of the open source, *nix based packages that was on its way into several of the widespread applications in the erarly 1990s: There were "kerberized" versions of file transfer programs, email, remote login, ... Web pages were not as essential then, but I believe there were web browsers supporting Kerberos authenitcation.
But then... Microsoft discovered it, saying "This is really great! We will build our distributed athentication on the Kerberos protocol". And the reaction from the open source community was exactly as could be expected in the early 1990s: "Is Microsoft using it? Then one thing is for sure: We will not! We will not have anything to do with something that has been touched by MS, even if it really comes from our side!"
So Kerberos was effectively killed by/in the open source environment. Aside from MS, still using it (but not promoting it as it should have been!), there is very clear to zero use of Kerberos. That is certainly not because "better" solutions have displaced it: 99% or more of all logins today are made on authentications systems clearly inferior to Kerberos.
Well......... That may not be as crazy as it sounds...
Ok, actually pasting it is, of course, and Single-Sign On with some identity provider (AD) would be a MUCH better option.
But I've actually worked with a VPN client once where I was able to put my username and password in a file somewhere in My Documents or some such (may also be a public folder such as Program Files, which would be stupid) and the VPN would automatically connect with those credentials if I was logged in.
If I deleted the file I had to type in my username and password every time I tried to connect.
I didn't think it was the safest option, but at least it was easier than manually logging in each day.
For a small app (WinForms, not web) I wrote for an employer some years ago, I had it get the user's Windows Identity and match it to the profiles in the system. And if the user wished, he could set his profile to accept the Identity as proof of authenticity rather than requiring the password.
Logging into the same profile from another Identity would require the password.
Hmmm... does that qualify as two-factor authentication? Authenticate against Active Directory and then against the application?
Only four people ever used the app and I, of course, set my profile to auto-authenticate with my Identity.
If they're using Active Directory, you could use that for authentication. Most of our apps at work are set up that way, even our web ones. Granted, the web ones we have to enter in our information again, but at least it's one less thing to remember for a work related task.
Last Visit: 20-Sep-19 17:28 Last Update: 20-Sep-19 17:28