Comment on What Self-Hosted Single Sign-On (SSO) do you use?
nickwitha_k@lemmy.sdf.org 1 year ago
I’d suggest something like Keycloak or earning the wizard robe and beard by buckling down and learning OpenLDAP. The biggest suggestion that I have though is to have a disaster recovery plan for when your auth system goes down. Don’t be like Facebook and lock yourself out without any hope of regaining entry (or, if you’re a fan of Russian Roulette, do).
Deebster@lemmyrs.org 1 year ago
What's your DR plan? My "plan" is to SSH in and figure out what's wrong.
nickwitha_k@lemmy.sdf.org 1 year ago
I’m still trying to come up with a good one to allow more self-hosting. Probably a SHTF security key kept in a safe that can be used with physical access.
The problem here being that you have a circular dependency:
Deebster@lemmyrs.org 1 year ago
My SSH auth uses SSH keys stored in authorized_keys, but I see your point. For me, OpenLDAP will be letting users in to the various services and SSH is outside that. I suppose SFTP could be something I want, but I'd be tempted to put a new sshd inside a container and have it more restricted than the system one.
I think the backup key idea is definitely the most broadly applicable, but there's physical/KVM for a more old school access route.