Learning your authN-Zs*
How I learned to stop worrying and love Kerberos and LDAP
Maybe you think OpenID is the New Hotness, or that OAuth invented the concept of delegated access to protected resources. Maybe you finally figured out how to push your public SSH key onto a server so you can log in without using a password, and you think you’ve found the latest-and-greatest in secure, convenient remote systems access.
Here’s the thing: the old-skool UNIX crowd had single sign-on, secure access delegation, and ways to selectively share account information across multiple machines and networks all worked out 15 years ago. Heck, even Microsoft figured it out before you did.
The secret to all this wizardry? Two simple, orthogonal technologies which taste great together: Kerberos and LDAP. Before you run off and reinvent the wheel (badly), or cook up some form of (broken) one-off credential storage mechanism, you should know about these tools, why they’re probably better than anything you’ve dreamed up, and how they not only work with web applications, but in fact make them more secure, easier to maintain, and just plain better.
Lennon Day-Reynolds works in revenue engineering at Twitter, which means you can ask him the question “how does Twitter make money?” and get a useful answer.
Prior to joining Twitter, he worked at Dark Horse Comics, Sun Microsystems, Reed College, and a handful of other shops building rich, dynamic web applications. In every case, he’s relied on open source software to create and manage websites for communities ranging in size from dozens to millions.