Privilege Management

These are various privilege management tools that I either find useful or that I think would be useful to look at.

Linux Servers

  • sudo_pair: A plugin for sudo which requires another user to approve the session and also allows the approving user to monitor the session.
  • Google HIBA: HIBA is a system built on top of regular OpenSSH certificate-based authentication that allows flexible authorization of principals on pools of target hosts to be managed without the need to periodically push customized authorized_users files. Announced on the Google Open Source Blog.

Web Servers

  • Vouch Proxy: An SSO solution for Nginx using the auth_request module. Vouch Proxy can protect all of your websites at once.
  • Pomerium: Pomerium is an identity-aware proxy that enables secure access to internal applications. Pomerium provides a standardized interface to add access control to applications regardless of whether the application itself has authorization or authentication baked in. Pomerium gateways both internal and external requests, and can be used in situations where you’d typically reach for a VPN. Freemium model.
  • Authelia: Authelia is an open-source authentication and authorization server providing two-factor authentication and single sign-on (SSO) for your applications via a web portal. It acts as a companion for reverse proxies like nginx, Traefik or HAProxy to let them know whether requests should either be allowed or redirected to Authelia’s portal for authentication.
