So, I have a bunch of services behind Authelia, utilizing LDAP hosted on my NAS. I log in once and it carries through my other services that are secured by Authelia, which is great.
However, since my wife rarely visits these services - mostly when I send her links - she has to log in basically every time. I’ve contemplated putting our laptops on a network login backed by the same LDAP, though I haven’t started researching how to do that yet. If I do, though, is there a way to have the laptop login integrate with Authelia or another solution to prevent login prompts?
I know I could do it with Windows and AD, but we’re both on Linux, so that complicates things a bit.
You can do AD on Linux as well and have the account on her laptop be in Active Directory and passed along at login. I guess this can be done with other tech as well, but I haven’t explored that.
You could also move to a passwordless approach, say only authenticator on the phone via push notification, or if there’s some way to have the hardware ID be used as authentication in a passwordless scheme.
Edit:
A YubiKey might do the trick? Then as long as that is in the laptop she won’t need to supply a password.
You could have a look at Kerberos. That’s what Microsoft took as the base for AD afaik.