this post was submitted on 27 Sep 2023
24 points (92.9% liked)

Selfhosted

40041 readers
706 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 1 year ago
MODERATORS
24
User management (lemmy.world)
submitted 1 year ago* (last edited 1 year ago) by Sandbag@lemmy.world to c/selfhosted@lemmy.world
 

Hey everyone,

How do you do user management, I have a small handful of users that want one password for physical machines and for web apps. I was looking at KanIDM but I was wondering what other people use?

Edit: I would like to only use one piece of software if possible.

you are viewing a single comment's thread
view the rest of the comments
[–] redcalcium@lemmy.institute 3 points 1 year ago (1 children)

I would recommend keycloak. I can basically do everything related to webapps authentication (OIDC, 2FA, etc)... except working as an LDAP/AD server, which typically used to enable login to physical machine using the network account. But, it has built-in LDAP provider support, which mean you can use OpenLDAP to host the accounts of your users (so they can use LDAP authentication on their own machine), and point keycloak to that OpenLDAP instance to allow your users to login to your webapps using their OpenLDAP account.

[–] vegetaaaaaaa@lemmy.world 1 points 1 year ago

Keycloak is nice, but probably overkill for what OP needs. Keep it simple.