Samba VS OpenID

Compare Samba vs OpenID and see what are their differences.

Samba

https://gitlab.com/samba-team/samba is the Official GitLab mirror of https://git.samba.org/samba.git -- Merge requests should be made on GitLab (not on GitHub) (by samba-team)

OpenID

OpenID Certified™ OpenID Connect Relying Party implementation for Apache HTTP Server 2.x (by OpenIDC)
SaaSHub - Software Alternatives and Reviews
SaaSHub helps you find the best software and product alternatives
www.saashub.com
featured
Samba OpenID
33 14
913 976
1.6% 0.6%
10.0 9.2
7 days ago 11 days ago
C C
GNU General Public License v3.0 only Apache License 2.0
The number of mentions indicates the total number of mentions that we've tracked plus the number of user suggested alternatives.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.

Samba

Posts with mentions or reviews of Samba. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2024-04-22.

OpenID

Posts with mentions or reviews of OpenID. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2024-08-14.
  • Confusion Attacks: Exploiting Hidden Semantic Ambiguity in Apache HTTP Server
    4 projects | news.ycombinator.com | 14 Aug 2024
    > that's irrelevant to the core developers

    That's relevant to me! If I want Apache to act as an OpenID connect relying party, for example, I can just use mod_auth_openidc https://github.com/OpenIDC/mod_auth_openidc installing which is pretty much trivial and requires little work on my part:

      sudo apt install libapache2-mod-auth-openidc
  • Ask HN: How to build site with payment, subscriptions, user login, registration
    8 projects | news.ycombinator.com | 7 Aug 2024
    > I think today it would not be unreasonable to take a "microservice" kind of approach where auth is handled by some self-contained system through an API but practically you might want to be able to join stuff against your user table.

    One option for writing less code yourself might be using something like Auth0 (cloud) or Keycloak (self-hosted) with some OpenID Connect library for your tech stack, or a Relying Party implementation altogether, like: https://github.com/OpenIDC/mod_auth_openidc

  • Never Update Anything
    5 projects | news.ycombinator.com | 19 Jul 2024
    That's fair! Honestly, it's kind of cool to see how many different kinds of packages are available for Apache.

    A bit off topic, but I rather enjoyed the idea behind mod_auth_openidc, which ships an OpenID Connect Relying Party implementation, so some of the auth can be offloaded to Apache in combination with something like Keycloak and things in the protected services can be kept a bit simpler (e.g. just reading the headers provided by the module): https://github.com/OpenIDC/mod_auth_openidc

    Now, whether that's a good idea, that's debatable, but there are also plenty of other implementations of Relying Party out there as well: https://openid.net/developers/certified-openid-connect-imple...

    I am also on the fence about using mod_security with Apache, because I know for a fact that Cloudflare would be a better option for that, but at the same time self-hosting is nice and I don't have anything too precious on those servers that a sub-optimal WAF would cause me that many headaches. I guess it's cool that I can, even down to decent rulesets: https://owasp.org/www-project-modsecurity-core-rule-set/ though the OWASP Coraza project also seems nice: https://coraza.io/

  • I Love Laravel (2022)
    3 projects | news.ycombinator.com | 21 May 2024
    In my eyes, that felt like something that should be separate from any given app or back end API, so in my case I use mod_auth_openidc: https://github.com/OpenIDC/mod_auth_openidc with Keycloak: https://www.keycloak.org/

    My back end/app just gets a few headers that say who an authenticated user is, if they are logged in. When I need to log in or create a user, I can just direct them to the Keycloak SSO portal, where they can also use social login.

    It's using OpenID Connect without the insanity of dealing with the low level logic.

  • Keycloak SSO with Docker Compose and Nginx
    21 projects | news.ycombinator.com | 11 Feb 2024
    I did something similar, though picked Apache with mod_auth_openidc, which is a certified Relying Party implementation: https://github.com/OpenIDC/mod_auth_openidc

    In other words, I can protect arbitrary applications through my reverse proxy and require either certain claims/roles, or simplify auth to the point where my downstream app/API will just receive a bunch of headers like OIDC_CLAIM_sub, OIDC_CLAIM_name, OIDC_CLAIM_email through the internal network, not making me bother with configuring OIDC libraries for all of my APIs and configure them in each stack that I might use, but rather contain all of that complexity in the web server.

    Basically:

      user <==> Apache (with mod_auth_openidc) <==> API (with OIDC_ headers, if logged in)
  • What Is OIDC?
    3 projects | news.ycombinator.com | 21 Dec 2023
  • Easy to use OpenID Connect client and server library written for Go
    6 projects | news.ycombinator.com | 1 Dec 2023
    otherwise connections would randomly drop. I was looking for other ways to make development a bit easier and also settled on mod_auth_openidc, which is an Apache module that lets it act like a Relying Party and handle lots of the heavy lifting (protecting endpoints, refreshing tokens etc.) for me, and lets me work with just a few headers that are passed to the protected resources: https://github.com/OpenIDC/mod_auth_openidc

    It works, but I'm still not happy - I realize that there are many types of attacks that have historically been a problem and that certain OpenID Connect flows try to protect against, in addition to the fact that if I wrote my own security code it'd almost certainly be worse and have vulnerabilities (in the words of Eoin Woods: "Never invent security technology"), and it's a good thing to follow standards... but the whole thing is such a pain. Both OpenID Connect, Keycloak and configuring mod_auth_openidc.

    Right now I'm moving permissions/roles from Keycloak back into the app DB, with references to the Keycloak user IDs, because I don't want to have to work with the Keycloak REST API every time I want to change what a user can or cannot do in the system, in addition to permissions which might only apply conditionally (one user might be related to multiple organizations, having different permissions in the context of each).

    Regardless, it's nice that there are more pieces of software out there to choose from!

  • Show HN: Obligator – An OpenID Connect server for self-hosters
    18 projects | news.ycombinator.com | 11 Oct 2023
    Personally I went with Keycloak, because it's fairly well documented and also has Docker images available: https://www.keycloak.org/getting-started/getting-started-doc... although the fact that they want you to create an "optimized" image yourself and have a long build/setup process on startup instead is slightly annoying: https://www.keycloak.org/server/containers

    Regardless, with something like mod_auth_openidc or another Relying Party implementation, all of the sudden authn/authz becomes easier to manage (you can literally get user information including roles in headers that are passed from your gateway/relying party to apps behind the reverse proxy), regardless of what you have actually running in your APIs: https://github.com/OpenIDC/mod_auth_openidc (there are other options, of course, but I went with that because I already use mod_md).

    It's actually cool that there are plentiful options in the space, since OIDC is pretty complex in of itself and attempts at creating something pleasant to actually use are always welcome, I've also heard good things about Authentik: https://goauthentik.io/

  • Password protect a static HTML page
    20 projects | news.ycombinator.com | 18 Feb 2023
    > The user experience with basic auth is not so good.

    Apache actually also has an OpenID Connect module, which you can enable to have it work as a relying party: https://github.com/zmartzone/mod_auth_openidc

    Basically, the actual UI will be handled by another system that you might be using, for example, in my case that might be a self-hosted Keycloak instance: https://www.keycloak.org/

    I'd say that Keycloak is a pretty good solution in general, because it does some of the heavy lifting for you, maybe its shorter release cycle not being the best thing ever, though. I think IdentityServer also tried to fill this niche, but they went full on commercial recently, without OSS offerings.

  • SSO - For Plex, Emby and AudioBookShelf etc... How are you exposing these for remote access?
    3 projects | /r/selfhosted | 14 Nov 2022
    E.g. for Apache httpd there's mod_auth_openidc available.

What are some alternatives?

When comparing Samba and OpenID you can also consider the following projects:

Nextcloud - ☁️ Nextcloud server, a safe home for all your data

FreeIPA - Mirror of FreeIPA, an integrated security information management solution

syncthing - Open Source Continuous File Synchronization

LDAP Account Manager (LAM) - LDAP Account Manager

minio - MinIO is a high-performance, S3 compatible object store, open sourced under GNU AGPLv3 license.

easy-rsa - easy-rsa - Simple shell based CA utility

Pomerium - Pomerium is an identity and context-aware reverse proxy for zero-trust access to web applications and services.

ownCloud - :cloud: ownCloud web server core (Files, DAV, etc.)

BounCA - BounCA is a web tool to generate self-signed SSL certificates and setup a key infrastructure

Seafile - High performance file syncing and sharing, with also Markdown WYSIWYG editing, Wiki, file label and other knowledge management features.

OSIAM

SaaSHub - Software Alternatives and Reviews
SaaSHub helps you find the best software and product alternatives
www.saashub.com
featured

Did you konow that C is
the 7th most popular programming language
based on number of metions?