Differences
This shows you the differences between two versions of the page.
metamod:security_plans [2008-11-27 09:49:43] heikok |
metamod:security_plans [2022-05-31 09:29:32] (current) |
||
---|---|---|---|
Line 7: | Line 7: | ||
| Administration of Tomcat | http:// | | Administration of Tomcat | http:// | ||
| Access to upload-environment |http:// | | Access to upload-environment |http:// | ||
- | | Access to upload-environment |ftp:// | + | | Access to upload-environment |ftp:// |
- | | Administration of Metamod-server | ssh:server | passwd | / | + | | Administration of Metamod-server | ssh:server | passwd | PAM-configured |
===== Wishlist ===== | ===== Wishlist ===== | ||
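Review bot: the "Access to upload-environment | ftp://" row documents an FTP login next to the ssh row that authenticates against passwd, but does not say whether the two share accounts. FTP sends the username and password in cleartext, so if the upload accounts are the same passwd/PAM accounts used for ssh administration, this row should say so explicitly or note that the upload accounts are separate.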
Line 26: | Line 26: | ||
* // | * // | ||
* // | * // | ||
- | * //passwd// can be replaced with LDAP via [[http:// | + | * //passwd// can use LDAP via [[http:// |
* // | * // | ||
Line 43: | Line 43: | ||
* Using Kerberos, requires kerberos-support from client-side, | * Using Kerberos, requires kerberos-support from client-side, | ||
* Using SAML, that is SSO on application-level. This will be hard to impossible to implement since we don't have control of Thredds, ssh and ftp. | * Using SAML, that is SSO on application-level. This will be hard to impossible to implement since we don't have control of Thredds, ssh and ftp. | ||
+ | * Using tomcat within apache (mod_jk, mod_proxy), having same security realm. This would be a good solution for SSO on the http-side (simply having one application), | ||
+ | ===== Changes needed ===== | ||
- | ==== Changes needed ==== | + | ==== BasicAuth for /upl ==== |
- | + | ||
- | === BasicAuth for /upl === | + | |
* .htaccess protection for all /upl/* pages | * .htaccess protection for all /upl/* pages | ||
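Review bot: the "BasicAuth for /upl" item protects /upl/* with .htaccess but says nothing about transport. Basic authentication resends the username and password, only base64-encoded, on every request, and the access table earlier on the page lists the upload environment under http://. Suggest adding a bullet that /upl is served over HTTPS only. For the new mod_jk/mod_proxy bullet, it would help to state that Tomcat must then be reachable only through Apache, since a directly reachable Tomcat port would sidestep any access control enforced in Apache.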
Line 53: | Line 53: | ||
* Only username known to metamod $_SERVER{REMOTE_USER} after login, not institution/ | * Only username known to metamod $_SERVER{REMOTE_USER} after login, not institution/ | ||
- | === (Optional) upload-area per user === | + | ==== (Optional) upload-area per user ==== |
* each user should have a user-directory, | * each user should have a user-directory, |
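Review bot: "$_SERVER{REMOTE_USER}" in the first bullet of this hunk mixes PHP's $_SERVER with Perl hash-brace syntax; write it as the code will actually read it ($_SERVER['REMOTE_USER'] in PHP, $ENV{REMOTE_USER} in a Perl CGI). For the per-user upload-area, the bullet should say how the directory name is derived; if it comes from REMOTE_USER, it needs to be checked against a fixed character set before being used as a path component.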