LDAP authentication and authroization for the GUI parts
Lezgin Bakircioglu
I am testing your suite and I must say I am pretty impressed, mainly with how you manage to build it with several sensors and one place where to keep the data with out using direct SQL from the sensors to the server (with the risk of loosing data if there is network connectivity issue).
So, to start with, good job!
But I have seen one missing feature that I believe there is a need for in bigger environments is the cases when you are not one or a couple of guys using the GUI's is to have central authentication and authorization.
So basically ldap (or even kerberos) for the authentication and ldap for the authorization.
One simple way to achieve this is to disable the different login parts in the different open source projects and rely on apache fixing the authentication. You can also have apache to put in headers of the authenticated username for eg when you write notes to use the username for traceability of who did write the note and such.
Would this be possible? I will also check if I can get some fundings for this if
Doug Burks
ELSA is already capable of doing LDAP authentication. See /etc/elsa_web.conf.
Doug
> You received this message because you are subscribed to the Google Groups "security-onion" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to security-onio...@googlegroups.com.
> To post to this group, send email to securit...@googlegroups.com.
> Visit this group at http://groups.google.com/group/security-onion.
> For more options, visit https://groups.google.com/groups/opt_out.
--
Doug Burks
http://securityonion.blogspot.com
Lezgin Bakircioglu
My thought would be to have this a part of the installation process and have it as a option but your thought is that its enough with elsa part ? It would cover allot at least.
Doug Burks
forms of authentication, but ELSA should work today.
Doug