[dev] horde auth - password
Chuck Hagenbuch
chuck@horde.org
Thu, 31 May 2001 13:50:11 -0400
Quoting Jan Schneider <janmailing@gmx.de>:
> perhaps it makes sense to build some sort of password container for horde. If
> a user authenticates against horde with horde's configured auth mechanism
> (imap, ftp, mcal whatever) every horde app can get the necessary password from
> this container.
>
> You then only have to authenticate once and can use gollem, imp, a forward or
> a password change module without authenticating again.
My idea has been to build a Credentials class which encapsulates the idea of an
account - able to hold whatever information you need, username, password,
server, etc. - and then to store them somewhere. You'd unlock them with a
passphrase, using a mechanism similar to the Secret:: class, so they could be
encrypted in storage.
That way you'd authenticate, and at some point enter your passphrase, and all
of your account info would be available when needed.
I'd rather not store passwords in Horde sessions.
-chuck
--
Charles Hagenbuch, <chuck@horde.org>
Black and white and grey, all the shades of truth.