Basically every local service is accessed via a web interface, and every interface wants a username and password. Assuming none of these services are exposed to the internet, how much effort do you put into security here?
Personally, I didn’t really think about it when I started. I make a half-assed effort at security where I don’t use “admin” or anything obvious as the username, and I use a decent-but-not-industrial password - but I started reusing the u/p as the number of services I’m running grew. I have my browsers remember the u/ps.
Should one go farther than this? And if so, what’s the threat model? Is there an easier way?

  • corroded@lemmy.worldEnglish
    4·
    1 month ago

    Like several people here, I’ve also been interested in setting up an SSO solution for my home network, but I’m struggling to understand how it would actually work.

    Lets say I set up an LDAP server. I log into my PC, and now my PC “knows” my identity from the LDAP server. Then I navigate to the web UI for one of my network switches. How does SSO work in this case? The way I see it, there are two possible solutions.

    • The switch has some built-in authentication mechanism that can authenticate with the LDAP server or something like Keycloak. I don’t see how this would work as it relies upon every single device on the network supporting a particular authentication mechanism.
    • I log into and authenticate with an HTTP forwarding server that then supplies the username/password to the switch. This seems clunky but could be reasonably secure as long as the username/password is sufficiently complex.

    I generally understand how SSO works within a curated ecosystem like a Windows-based corporate network that uses primarily Microsoft software for everything. I have various Linux systems, Windows, a bunch of random software that needs authentication, and probably 10 different brands of networking equipment. What’s the solution here?