FreedomTunnel is a FLOSS ("free/libre open source software") Single Sign On ("SSO") One-Time-Password System. See also [[FreedomTunnel/DeploymentNotes|DeploymentNotes]].

== Overview ==

The idea is that one can log in to a Windows/Mac/Linux system, enter a one-time password (PIN + 6-digit code), and be authenticated to everything one can use that requires a password without further authentication prompts.

The core will probably be FreeIPA, which looks pretty compelling and will take care of a lot of the involved pieces (NTP/LDAP/Kerberos) in one shot. See [https://docs.fedoraproject.org/en-US/Fedora/15/html/FreeIPA_Guide/index.html this guide]. Add in RADIUS ([http://consultancy.edvoncken.net/index.php/HOWTO_Configure_Radius_with_an_IPA_Server via]) and [http://weblogin.org/ CoSign] for web SSO (found at http://forums.somethingawful.com/showthread.php?threadid=3459961) and you've got everything for single sign on / single password. Now we just need to add OTP.

== Desired Features ==

* Fully open source (all client and server pieces)
* Runs in a highly available master/(multi)slave fashion in multiple data centers.
* Must be seamless (login process is just username + password. Everything else is handled behind the scenes)
* OTP generation client must support Android/Blackberry/Apple devices

User experience in different contexts:

* Login to local workstation: this is a standard username/password combination. No network connectivity is required for this to function. However, if the device is already connected to the network, the login system will indicate this and accept username/enhanced password (PIN + random digits). So a maximum of two logins is all that is ever required for access to any resource one controls.
* SSH to a server/network device or browse to a webapp I control and not have any login prompts.
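The page leaves the OTP mechanism open. As an added example (not FreedomTunnel code), this is one way a server could check the "enhanced password" (PIN followed by a 6-digit code), assuming the code is an RFC 6238 TOTP with SHA-1 and a 30-second step. The function names, PBKDF2 parameters, PIN and salt are constructed for illustration; the secret is the RFC 6238 test secret.

```python
import hashlib
import hmac
import struct

STEP, DIGITS = 30, 6  # assumed TOTP parameters (RFC 6238 defaults)

def hotp(secret: bytes, counter: int) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** DIGITS).zfill(DIGITS)

def hash_pin(pin: str, salt: bytes) -> bytes:
    """Store only a salted, stretched hash of the PIN, never the PIN."""
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 200_000)

def verify(password, salt, pin_hash, secret, now, last_step=-1, window=1):
    """Return the accepted time step, or None if the login must be refused.

    password  -- PIN immediately followed by the 6-digit code
    last_step -- highest step already accepted for this user (replay guard)
    """
    code = password[-DIGITS:]
    if len(password) <= DIGITS or not (code.isascii() and code.isdigit()):
        return None
    pin = password[:-DIGITS]
    pin_ok = hmac.compare_digest(hash_pin(pin, salt), pin_hash)
    current = int(now) // STEP
    matched = None
    for step in range(current - window, current + window + 1):
        # Steps at or below last_step were already used: a code is one-time.
        # compare_digest avoids leaking how many digits matched.
        if step > last_step and hmac.compare_digest(hotp(secret, step), code):
            matched = step
    # Evaluate both factors before answering, so a refusal does not
    # reveal which half of the password was wrong.
    return matched if pin_ok and matched is not None else None

# Constructed sample data: RFC 6238 test secret and a made-up PIN.
SECRET = b"12345678901234567890"
SALT = b"constructed-salt"
PIN_HASH = hash_pin("4821", SALT)
```

The caller stores the returned step as the user's new `last_step`, so the same code is refused if it is presented again inside the acceptance window.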
Supported Authentication Clients:

* WPA-Enterprise 802.11 users on Windows, Mac, Linux
* Workstation OS logins on Windows, Mac, Linux
* VPN users (IPsec/OpenVPN)
* Web applications (WordPress/MediaWiki/Status.net/Tattler/Drupal/Redmine and any other apps)

== More Resources ==

* [[FreedomTunnel/DeploymentNotes]]
* [http://chili.freenetworkfoundation.org/projects/freedomtunnel Chili project page]

{{FNFProject}}