[Owasp-delhi] Is it a good design to put external users in Active Directory
Saurabh Harit
saurabh.harit at gmail.com
Fri Oct 29 04:01:12 EDT 2010
Hi Dharmesh,
As long as you create a separate group under AD and strictly control its
access, it's all good.
Thanks & Regards,
-------------------------------------------------------
Saurabh Harit
Senior Security Analyst
Sensepost (Pty) Ltd
Ph: +27 768006821
"Security is not a noun, it's a verb"
On Thu, Oct 28, 2010 at 12:14 PM, Dharmesh M Mehta <
Dharmesh.Mehta at mastek.com> wrote:
> If I had to provide access to the enterprise portals to some of the
> people in my partner organization (external users), I need to authenticate
> them.
>
>
>
> If my internal users are using Active Directory for authentication to the
> Enterprise Portals, will it be a good design to create external users in the
> AD and allow authentication to the portal?
>
> Or one should go with doing custom authentication of the external users in
> Database and “not touch” Active Directory”?
>
> Or setup federated “trust” between organization Active Directory (assuming
> both have same Active Directory technology)?
>
>
>
> My take is that Active Directory is the best product to manage user
> authentication and should be used for creating external users too.
>
>
>
> Your thoughts please.
>
>
>
> *Thanks & Regards,*
>
>
>
> *Dharmesh M Mehta*
>
> CISSP, Security Specialist
>
> Mastek Ltd | MNDC, MBP Mahape, Navi Mumbai, India | (T) 91 22 6791 4646
> Extn - 5469 | Mobile: 91 9730002132
>
> http://smartsecurity.blogspot.com
>
>
>
>
>
> MASTEK LTD.
> In the US, we're called MAJESCOMASTEK
>
>
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>
> Opinions expressed in this e-mail are those of the individual and not that of Mastek Limited, unless specifically indicated to that effect. Mastek Limited does not accept any responsibility or liability for it. This e-mail and attachments (if any) transmitted with it are confidential and/or privileged and solely for the use of the intended person or entity to which it is addressed. Any review, re-transmission, dissemination or other use of or taking of any action in reliance upon this information by persons or entities other than the intended recipient is prohibited. This e-mail and its attachments have been scanned for the presence of computer viruses. It is the responsibility of the recipient to run the virus check on e-mails and attachments before opening them. If you have received this e-mail in error, kindly delete this e-mail from desktop and server.
>
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>
> _______________________________________________
> Owasp-delhi mailing list
> Owasp-delhi at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-delhi
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-delhi/attachments/20101029/5a9bf231/attachment-0001.html
More information about the Owasp-delhi
mailing list