Æ-DIR -- Authorized Entitites Directory

CC Attribution 3.0 Unported:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.

Identifiers

10.5446/54434 (DOI)

Publisher

openSUSE

Release Date

2019

Language

English

Content Metadata

Subject Area

Computer Science

Genre

Conference/Talk

Abstract

This talk will present a concept and real-world implementation of an identity and access management system (IAM) purely based on OpenLDAP. The main goal of Æ-DIR (besides challenging Unicode handling in various software with its name) is to follow the delegation, need-to-know and least-privilege principles as strictly as possible. The visibility of user, group, sudoers, etc. is limited by OpenLDAP’s set-based ACLs. All systems and services, no exception(!), have to individually authenticate to be authorized to access Æ-DIR. The talk will give some additional information about the secure base configuration of OpenLDAP and a special NSS/PAM caching demon developed for lower resource usage.