So, I have a bunch of services behind Authelia, utilizing LDAP hosted on my NAS. I log in once and it carries through my other services that are secured by Authelia, which is great.
However, since my wife rarely visits these services - mostly when I send her links - she has to log in basically every time. I’ve contemplated putting our laptops on a network login backed by the same LDAP, though I haven’t started researching how to do that yet. If I do, though, is there a way to have the laptop login integrate with Authelia or another solution to prevent login prompts?
I know I could do it with Windows and AD, but we’re both on Linux, so that complicates things a bit.
You could have a look at Kerberos. That’s what Microsoft took as the base for AD afaik.
Authentik
You can do AD on Linux as well and have the account on her laptop be in Active Directory and passed along at login. I guess this can be done with other tech as well but I haven’t explored that.
You could also move to a passwordless approach, say only authenticator on the phone via push notification or if there’s some way to have the hardware ID be used as authentication in a passwordless scheme.
Edit:
A YubiKey might do the trick? Then as long as that is in the laptop she won’t need to supply a password.