Re: Single Sign On?
- From: "Herb Martin" <news@xxxxxxxxxxxxxx>
- Date: Tue, 27 May 2008 12:16:37 -0500
"AJ" <andyjones99@xxxxxxxxxxxxx> wrote in message
news:b73337e9-fd77-44ed-906a-9bb7be2d266a@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
On 26 May, 23:45, "Herb Martin" <n...@xxxxxxxxxxxxxx> wrote:
"AJ" <andyjone...@xxxxxxxxxxxxx> wrote in message
news:59bd8ad1-85f3-4421-8509-994bc8bbfba0@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
On 26 May, 12:12, Meinolf Weber <meiweb(nospam)@gmx.de> wrote:
Hello AJ,
The trust will be the only way to use single sign on, as far as I know.
Otherwise
the user credentials cannot be checked in your domain.
Best regards
Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and
confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
Hello
We have a customer who logs into their own local domain for file
resources and they use our domain for other resources such as
sharepoint. The customer access is via the internet (No VPN) and they
authenticate using basic authentication and SSL via ISA. The customer
only wants to have to enter login credentials once (their local domain
creds) as opposed to getting challenged for credentials of our domain
when accessing our resources.
Any idea how this can be implemented or if a solution that provides
this exists. I don't want to have to create a forest trust with their
domain because there is no level of trust with their network.
Any help appreciated
Thanks
AJ
Hi Meinolf
<<
Thanks for your reply. The customer uses our domain accounts to
access their sharepoint site and Exchange server which is in our
forest. I guess I could configure a one way trust where they trust our
domain and then they could actually log into their local machines
(which are a member of their local AD domain) using their accounts
that they use to access their Exchange/SharePoint site which are
actually accounts in our domain. They could then grant permissions to
these accounts against their local domain resources as required. Does
that make sense? :)
That's possible -- the key is which is least disturbing for them,
or most meets the security, admin, and other needs of the
various admins (yours and theirs).
IF you trust THEIR domain then you will trust their DCs to
authenticate them and they will use their "own domain" account.
IF they trust YOUR domain then theirs will trust your DCs to
authenticate them and they will use their account on "YOUR
domain."
Both are choices. The trust goes from the Resource (your
stuff or their computers) TOWARDS the ACCOUNT
domain -- that simple.
<<
Thanks. If I created an external trust to the customer domain (running
over a branch to branch VPN tunnel), where they trust my accounts,
would I be able to hide my accounts that are not relevant to the
customer, i.e. those that are not in their OU in my domain?
The last thing I want is for the remote domain to be able to browse
our users/groups etc.
Possible but tedious and likely you won't maintain it carefully.
If you share an Exchange system it would seem they SHOULD
be able to see your users....perhaps.