𝕽𝖚𝖆𝖎𝖉𝖍𝖗𝖎𝖌𝖍

       🅸 🅰🅼 🆃🅷🅴 🅻🅰🆆. 
 𝕽𝖚𝖆𝖎𝖉𝖍𝖗𝖎𝖌𝖍 𝖋𝖊𝖆𝖙𝖍𝖊𝖗𝖘𝖙𝖔𝖓𝖊𝖍𝖆𝖚𝖌𝖍 

Ceterum Lemmi necessitates reactiones

  • 9 Posts
  • 1.12K Comments
Joined 3 years ago
Cake day: August 26th, 2022

  • This is where I get stuck. I’ve worked with OAuth before, and it is very web-centric. Maybe it’s possible to work around http connections, but everything I’ve read makes it clear that it was designed with web applications - and browsers - as the foundational concept.

    For example, I have a memory of trying to get two servers - neither of which had anything to do with the web - to authenticate, and to use OAuth I remember having to import an http library.

    It’s been an age, so I may not be remembering it correctly; but IIRC the OAuth flow is designed around web protocols.


  • Don’t you threaten me with Kerberos. I used to have to deal with that crap decades ago; I disliked it then, and unless it’s gotten dramatically easier to work with, it’s not an option for me now.

    I hadn’t heard specifically about samba4ad, but Kerberos on LDAP (and, originally, I think, on OLAP) I’m familiar with.

    I like LDAP in concept, but after using OpenLDAP for a few years, when my network evolved, OpenLDAP evolved out of it. It may have been secure, but a more horribly difficult-to-debug piece of software I’ve rarely met. LLDAP has changed all that, and allowed me to start using LDAP again; it may be less capable, but OpenLDAP was overkill for home gamers. LLDAP is juuuust right.

    Accidentally enabling SSO sounds like a big fish tale. SSO is usually a PITA to configure and set up. Even commercial software offerings are byzantine.

  • Yeah, that sounds ideal. I’d prefer editing a file to administering through a web page.

    I’m checking Authelia right now.

    SSO is part, but not all, of the picture. There’s also multi-system passwords, for things like sudo, and non-web service authentication; most of the stuff like OAuth is really hacky to make work outside of web environments.

    I’ve considered Vault for some of the inter-service authentication, but there’s not broad support built into services and it’s yet another thing to mess with.

    LDAP forms a good base for most use cases, and so keeping it as the source of truth is important for me. And then, as few other layers on top to get SSO. Authelia is looking like the best solution.

  • They’re out there. The Venn diagram of people still choosing IRC (as opposed to being forced to use it b/c that’s where the community is) is probably just a circle.

    I was a big XMPP user back in the day, but because of the lack of multi-device message syncing and the really shoddy state of encryption, I wandered away. Plus, using XML for the protocol really geeked me out. XML is a document format, and per the spec, to be well-formed it needs to have an open and matching close tag. Jabber hacked around this by making a sort of infinite document - you get the open tag, but never the close tag - and it just felt really icky.

    I understand a lot of these things have since been addressed. I don’t know if XMPP still uses that bastardized version of quasi-XML without a close tag. But other things have come along that I like more. About 6 months ago I started running a client on my desktop again, but like you, nobody I knew was still using it, and nobody new was advertising it as their connection info, so… yeah. After a few months, I stopped running the client.


  • @Nikelui is 100% right: a chat room may be private, but it’s not secure. Even in an encrypted room, every additional person you add reduces your security. I’m sure there’s some paper out there that studies this, and that the graph of # of members vs security is an inverse power ratio.

    If it’s a public chat, there is no security.

    However, with Matrix, if you run your own server and restrict access to your friends, at least you can be fairly certain your chat room isn’t being used to train an LLM, or to harvest information about you for advertising.


  • It depends on what you are running, but at one point I had an Odroid N2+ with 8GB RAM running Home Assistant, mpd, Snap server, zwavejs, mympd, jellyfin, and Calibre, all in containers, controlling the house and providing music for the sound system, playing movies, and with no issues. It ran for 7 years. So you don’t need much; memory helps.

    Oh - I take it back; after I put Jellyfin on it, it would struggle with transcoding. No GPU, old, weak CPU, whatever. But otherwise, it was fine.

    At some point I realized I’d have to leave the computer with the house, because I have over 30 hardwired z-wave devices I’m not taking out if we sell, so I moved all of the services except Home Assistant and zwavejs to another computer.

    My point is: old computers should be fine, assuming you’re not trying to run LLMs on them. Or going heavy video transcoding. Just for serving up some web applications? You don’t need much.