[dev] Admin user - pseudo account

Kevin Myer kevin_myer at iu13.org
Wed Jun 15 06:35:10 PDT 2005


Hello,

An idea I had to simplify administration and setup, and hopefully prevent
lockout of an Admin user, would be to have a pseudo Admin account, that exists
regardless of the authentication backend.  The account would function in a
manner similar to the rootdn config in OpenLDAP, or a Directory Manager account
in other directories.  The account doesn't really exist in the directory tree,
but just in a config file.  The same would be true for a Horde admin user - the
pseudo-admin user would exist only in horde/conf.php (and you'd probably have
to add an admin password config item too).  You could also have more than one
admin user - the pseudo-admin and one or more from your authentication backend.
During login, you'd check the username first against the contents of
$conf['auth']['admins'], if there was a match, you'd verify the password
against $conf['auth']['admins']['password'] (essentially short circuiting the
normal authentication process), otherwise, continue with normal authentication.

Or, you leave $conf['auth']['admins'] as is, and add a new config option -
$conf['auth']['pseudoadmin'].  admins would be for "real" Horde users, and the
pseudoadmin would be for an account that's independent of anything else.

Now even if the admin user totally screwed up the Setup and Config of Horde,
particularly with an authentication backend, or a database, he could still
log in and undo his changes, because his username and password are independent
of anything else.

Kevin

-- 
Kevin M. Myer
Senior Systems Administrator
Lancaster-Lebanon Intermediate Unit 13  http://www.iu13.org
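
The login flow proposed in the message above, as an added sketch that is not part of the original post and is not Horde code: the config-only account is checked before any backend is contacted, so a broken backend cannot lock it out. The 'username' and 'password_hash' sub-keys under $conf['auth']['pseudoadmin'], the authenticate() function and the backend callable are assumptions made for illustration.

```php
<?php
// Added illustration; not Horde code. The 'username' and 'password_hash'
// sub-keys and the function names below are hypothetical.
$conf['auth']['pseudoadmin'] = [
    'username'      => 'pseudoadmin',
    // Constructed sample: store a hash in the config file, never cleartext.
    'password_hash' => password_hash('constructed-sample-passphrase', PASSWORD_DEFAULT),
];

/**
 * Returns 'pseudoadmin', 'backend' or false.
 * $backend is a callable (string $user, string $pass): bool standing in
 * for whatever authentication driver is configured.
 */
function authenticate(array $conf, string $user, string $pass, callable $backend)
{
    $pseudo = $conf['auth']['pseudoadmin'] ?? null;

    // Step 1: config-only account, checked before any backend is touched,
    // so a broken LDAP/SQL configuration cannot lock this account out.
    if (is_array($pseudo) && !empty($pseudo['username']) && !empty($pseudo['password_hash'])
        && hash_equals($pseudo['username'], $user)) {
        // Design choice in this sketch: a name match never falls through,
        // so a backend user of the same name cannot shadow this account.
        if (password_verify($pass, $pseudo['password_hash'])) {
            error_log('auth: pseudo-admin login succeeded');
            return 'pseudoadmin';
        }
        error_log('auth: pseudo-admin login FAILED');
        return false;
    }

    // Step 2: normal authentication. A backend that throws is treated as a
    // failed login rather than an unhandled error.
    try {
        return $backend($user, $pass) ? 'backend' : false;
    } catch (Throwable $e) {
        error_log('auth: backend unavailable: ' . $e->getMessage());
        return false;
    }
}

// Constructed stand-in for a misconfigured backend.
$brokenBackend = function (string $u, string $p): bool {
    throw new RuntimeException('cannot connect to directory');
};

var_dump(authenticate($conf, 'pseudoadmin', 'constructed-sample-passphrase', $brokenBackend));
var_dump(authenticate($conf, 'pseudoadmin', 'wrong', $brokenBackend));
var_dump(authenticate($conf, 'alice', 'secret', $brokenBackend));
```

Logging every use of the config-only account, successful or not, gives an audit trail for an account that bypasses the normal backend.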


