EPICS Home

Experimental Physics and Industrial Control System


 
2002  2003  2004  2005  2006  2007  2008  2009  2010  2011  2012  2013  2014  2015  2016  2017  2018  2019  2020  2021  2022  2023  2024  <2025 Index 2002  2003  2004  2005  2006  2007  2008  2009  2010  2011  2012  2013  2014  2015  2016  2017  2018  2019  2020  2021  2022  2023  2024  <2025
<== Date ==> <== Thread ==>
Subject: Re: How is LDAP used in EPICS installations
From: "Williams Jr., Ernest L. via Core-talk" <core-talk at aps.anl.gov>
To: "core-talk at aps.anl.gov" <core-talk at aps.anl.gov>, George McIntyre <george at level-n.com>
Cc: "Michael A. Davidsaver" <mdavidsaver at ospreydcs.com>, "White, Greg" <greg at slac.stanford.edu>
Date: Sat, 15 Mar 2025 15:38:32 +0000
Hi George,

For SLAC, our authentication stack looks like:
PAM ---> SSSD ---> KERBEROS ---> LDAPS

We are getting very close to Single-Sign-On (SSO)  as well.

We are very interested in pursuing EPICS Security and its integration with our authentication stack.

I am starting to gather some requirements here at SLAC that we will feedback to the team.
More details soon.

Cheers,
Ernest
From: Core-talk <core-talk-bounces at aps.anl.gov> on behalf of George McIntyre via Core-talk <core-talk at aps.anl.gov>
Sent: Saturday, March 15, 2025 12:02 AM
To: core-talk at aps.anl.gov <core-talk at aps.anl.gov>
Cc: Michael A. Davidsaver <mdavidsaver at ospreydcs.com>; White, Greg <greg at slac.stanford.edu>
Subject: How is LDAP used in EPICS installations
 
Hi all

I’m working on the new Secure PVAccess implementation of PVXS, with Micheal and Kay.  We are at a stage where we are testing various authentication methods with the new protocol.  One of those we’re looking at is LDAP.  We want to reach out to the community to determine how you see people actually using LDAP.   Are they using it for login (i.e. providing username and password (that is configured and managed by LDAP) to the LDAP API) and then using success to provide access to resources; are they using Kerberos for user authentication and LDAP primarily for user profile information and groups (e.g. phone, office, group); finally some hybrid PAM, SSSD etc. We want to get an idea of what we should provide as integration.  

One of the questions is how we should use and access LDAP groups when it comes to the upgraded EPICS Security.

Please feel free to reply if you have any experience with how LDAP is used to log in and or to provide group information to be used with or aside from authorization.

Cheers

George McIntyre,  CEO              

Level-N-Logo-v-small.png
Lydney, UK
george at level-N.com
www.level-n.com

This email and any files transmitted with it are confidential and privileged information, intended solely for the use of the individual or entity to whom they are addressed. Any unauthorised review, use, disclosure or distribution is prohibited

References:
How is LDAP used in EPICS installations George McIntyre via Core-talk
Navigate by Date:
Prev: Build completed: EPICS Base 7 base-7.0-1540 AppVeyor via Core-talk
Next: Build failed: EPICS Base 7 base-7.0-1556 AppVeyor via Core-talk
Index: 2002  2003  2004  2005  2006  2007  2008  2009  2010  2011  2012  2013  2014  2015  2016  2017  2018  2019  2020  2021  2022  2023  2024  <2025
Navigate by Thread:
Prev: How is LDAP used in EPICS installations George McIntyre via Core-talk
Next: Build failed: EPICS Base 7 base-7.0-1548 AppVeyor via Core-talk
Index: 2002  2003  2004  2005  2006  2007  2008  2009  2010  2011  2012  2013  2014  2015  2016  2017  2018  2019  2020  2021  2022  2023  2024  <2025