Bug 211102
| Field | Value | Field | Value |
|---|---|---|---|
| Summary | RFE: pubcookie module request | | |
| Product | Red Hat Enterprise Linux 5 | Reporter | John T. Rose <inode0> |
| Component | distribution | Assignee | RHEL Program Management <pm-rhel> |
| Status | CLOSED WONTFIX | QA Contact | Daniel Riek <riek> |
| Severity | medium | Docs Contact | |
| Priority | medium | | |
| Version | 5.1 | CC | jorton, syeghiay |
| Target Milestone | --- | Keywords | FutureFeature |
| Target Release | --- | | |
| Hardware | All | | |
| OS | Linux | | |
| Whiteboard | | | |
| Fixed In Version | | Doc Type | Enhancement |
| Doc Text | | Story Points | --- |
| Clone Of | | Environment | |
| Last Closed | 2011-01-31 04:05:24 UTC | Type | --- |
| Regression | --- | Mount Type | --- |
| Documentation | --- | CRM | |
| Verified Versions | | Category | --- |
| oVirt Team | --- | RHEL 7.3 requirements from Atomic Host | |
| Cloudforms Team | --- | Target Upstream Version | |
| Embargoed | | | |
Description
John T. Rose
2006-10-17 13:38:40 UTC
Assigning to distribution for consideration by PM. From the engineering perspective, the take is: modules like this are a poor attempt at implementing SSO, which we should not endorse or encourage:

1) the SSO session obtained at login is constrained within a particular web browser rather than OS-wide,
2) methods like this force you to train users to enter credentials via web forms, an unacceptable risk from phishing for e.g. Kerberos credentials,
3) they are not compatible with WebDAV clients,
4) to be useful a whole extra server must be set up and configured to be the "login server".

The only available method for implementing SSO with HTTP which we should recommend is to use the "Negotiate" protocol using the mod_auth_kerb module, as already shipped.

Let me explain further the reason we find pubcookie so valuable. The reality we live in is that organizational units do ask users for credentials to login to their websites and they ask for organization-wide credentials. To what extent this request can be trusted by users is always unknown (although I'm sure you can understand that most blindly enter such credentials anyway).

With pubcookie we solve two problems, although imperfectly. First, users only enter credentials once (per browser per timeframe of their choice) rather than repeatedly for each organizational website. The fewer times a user enters credentials the better. Second, they only send credentials to the organization's pubcookie servers, never to the individual webservers they are accessing. This is a far better situation where the trust resides in one place where accountability can be better managed. Users in our environment are subject to phishing both with and without pubcookie, but training them to recognize they are talking to the pubcookie server when entering credentials seems to be less subject to phishing than what we had without pubcookie.

Thanks for the consideration of this request.

John

Please leave the bugzilla package assignment as-is. RFEs for new packages are handled through the "distribution" pseudo-package.

This enhancement request was evaluated by Red Hat Product Management for inclusion in a Red Hat Enterprise Linux major release. Red Hat does not currently plan to provide this enhanced functionality in the next Red Hat Enterprise Linux major release. Red Hat values your feedback and will take this enhancement request into consideration for future major releases of Red Hat Enterprise Linux.

Product Management has reviewed and declined this request. You may appeal this decision by reopening this request.
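The "Negotiate" SSO setup that the engineering comment recommends in place of pubcookie, as an added httpd configuration example; it is not part of this bug report, nor code from the pubcookie or mod_auth_kerb projects. The realm `EXAMPLE.COM`, the host `www.example.com`, the keytab path and the two `<Location>` paths are assumptions. The first block shows the setting that reintroduces the problem described in point 2 above (`KrbMethodK5Passwd On` lets a browser without a ticket fall back to HTTP Basic and send the user's Kerberos password to this individual web server); the second keeps ticket-based Negotiate only, so the session comes from the user's OS-wide credential cache rather than from a password typed into a browser.

```apache
# Added example, not from the bug report. Assumed values: realm EXAMPLE.COM,
# host www.example.com, keytab /etc/httpd/conf/httpd.keytab containing the
# HTTP/www.example.com@EXAMPLE.COM principal, readable by the apache user.
# On RHEL 5 the mod_auth_kerb package already installs a conf.d snippet with
# this LoadModule line; it is repeated here so the example is self-contained.
LoadModule auth_kerb_module modules/mod_auth_kerb.so

# WEAK: Basic-auth fallback enabled. A browser with no service ticket (or no
# Negotiate support) gets a password dialog, and the user's Kerberos password
# travels to this web server in the Authorization header. That is exactly the
# per-server credential entry that point 2 above objects to, and it is
# phishable in the same way a pubcookie-style login form is.
<Location /intranet-weak>
    AuthType Kerberos
    AuthName "Kerberos Login"
    KrbAuthRealms EXAMPLE.COM
    Krb5KeyTab /etc/httpd/conf/httpd.keytab
    KrbServiceName HTTP
    KrbMethodNegotiate On
    KrbMethodK5Passwd On
    Require valid-user
</Location>

# HARDENED: ticket-only SSO. The browser presents a service ticket for
# HTTP/www.example.com@EXAMPLE.COM obtained from the credential cache the user
# filled at OS login (kinit or desktop login); no password is typed into a
# web form or sent to this server. Clients that cannot do Negotiate get 401,
# which is the intended failure mode rather than a password prompt.
<Location /intranet>
    AuthType Kerberos
    AuthName "Kerberos Login"
    KrbAuthRealms EXAMPLE.COM
    Krb5KeyTab /etc/httpd/conf/httpd.keytab
    KrbServiceName HTTP
    KrbMethodNegotiate On
    KrbMethodK5Passwd Off
    KrbSaveCredentials Off
    KrbVerifyKDC On
    Require valid-user
</Location>
```

To check the hardened block from a workstation that is already joined to the realm, obtain a ticket with `kinit` and fetch the page with `curl --negotiate -u : https://www.example.com/intranet/`; a 200 without any password prompt confirms ticket-based SSO, and the same request against `/intranet-weak` from a shell with no ticket (`kdestroy` first) shows the Basic-auth prompt that the weak setting allows. Serving both locations over TLS is still required, since Negotiate protects the credential but not the page contents.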