So, I have a bunch of services behind Authelia, utilizing LDAP hosted on my NAS. I log in once and it carries through my other services that are secured by Authelia, which is great.
However, since my wife rarely visits these services - mostly when I send her links - she has to log in basically every time. I’ve contemplated putting our laptops on a network login backed by the same LDAP, though I haven’t started researching how to do that yet. If I do, though, is there a way to have the laptop login integrate with Authelia or another solution to prevent login prompts?
I know I could do it with Windows and AD, but we’re both on Linux, so that complicates things a bit.
You can do AD on Linux as well and have the account on her laptop be in active directory and passed along at login. I guess this can be done with other tech as well but I haven’t explored that.
You could also move to a password less approach, say only authenticator on the phone via push notification or if there’s some way to have the hardware ID be used as authentication in a password less scheme.
Edit:
A yubikey might do the trick? Then as long as that is in the laptop she won’t need to supply a password.
You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: !selfhosted@lemmy.world
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don’t control.
Rules:
Be civil: we’re here to support and learn from one another. Insults won’t be tolerated. Flame wars are frowned upon.
No spam posting.
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it’s not obvious why your post topic revolves around selfhosting, please include details to make it clear.
Don’t duplicate the full text of your blog or github here. Just post the link for folks to click.
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
You can do AD on Linux as well and have the account on her laptop be in active directory and passed along at login. I guess this can be done with other tech as well but I haven’t explored that.
You could also move to a password less approach, say only authenticator on the phone via push notification or if there’s some way to have the hardware ID be used as authentication in a password less scheme.
Edit:
A yubikey might do the trick? Then as long as that is in the laptop she won’t need to supply a password.
You could have a look at Kerberos. That’s what Microsoft took as base for AD afaik.
Authentik