[horde] Imp authorization and user maintenance

Ned Zimmerman nzimmerm at sulfur.scs.uiuc.edu
Wed Dec 18 13:30:08 PST 2002


> How do you plan on telling who is authenticating (I think I've asked this
> before ;). Here's a different modified version of my real loginscreen
> function:
>
> if (!function_exists('_horde_select_loginscreen')) {
>     function _horde_select_loginscreen()
>     {
>         if ($_SERVER['SERVER_NAME'] == 'sql-logins.horde.org') {
>             return 'sql';
>         }
>         return 'imp';
>     }
> }
>
> Note how I return a different driver based on the URL. Can you use
> something like that to distinguish these users? If not, what do you have in
> mind to be able to tell them apart?

OK, this is what I thought I was going to have to do, but I wasn't sure 
if something was already built into the code that I was not aware of in 
order to allow this kind of distinguishing between logons.  I'm not 
sure I'll be able to use the 'SERVER_NAME' variable, but I might be 
able to use the 'REQUEST_URI' variable.  I haven't had time to try this 
out yet.

Another possibility I had thought of, but don't have time to 
investigate right now, is to set up a sort of "fall through" 
authentication driver similar to the composite driver.  For discussion 
purposes I call it the Multi driver.  The Multi driver would take an array 
of possible drivers to use for authentication as passed from conf.php 
(with the appropriate parameters for each driver), and then attempt to 
authenticate the username and credentials against each back end in 
their order as passed to the Multi driver by conf.php.  This would 
allow the horde administrator to specify which authentication widgets 
should be tried and in which order.

The one downside I possibly see to this is that if someone has the same 
username/password combo present on more than one authentication back 
end, then only the first back end would authenticate, possibly 
preventing the user from obtaining permissions/settings available 
through a back end further down the authentication priority list.

I'm sure there are other downsides to doing this that I haven't thought 
of yet, and I would be very interested in hearing others' thoughts on 
this.  Would it even be something worth looking into?

Chuck, thanks for comments and suggestions.  At least now I have more 
confidence that I actually had some idea of what was going on with the 
composite driver (not that I fully understand it yet, mind you.)

Ned
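
The fall-through idea and the shadowing downside raised in the message above, as an added sketch that is not part of the original post and not Horde's own Auth code. `MultiAuth`, `acceptingBackends`, `tableBackend` and the two in-memory stores are hypothetical names with constructed sample data; `acceptingBackends` goes one step beyond the message by listing every back end that would accept the same credentials.

```php
<?php
// Added sketch: hypothetical names, not Horde's Auth API.
final class MultiAuth
{
    /** @var array<string, callable> name => check, in the order configured */
    private array $backends;

    public function __construct(array $backends)
    {
        $this->backends = $backends;
    }

    /** Name of the first backend that accepts the credentials, or null. */
    public function authenticate(string $user, string $pass): ?string
    {
        foreach ($this->backends as $name => $check) {
            if ($check($user, $pass)) {
                return $name;
            }
        }
        return null;
    }

    /** Every backend that accepts; more than one means the later ones are shadowed. */
    public function acceptingBackends(string $user, string $pass): array
    {
        return array_keys(array_filter(
            $this->backends,
            fn(callable $check): bool => $check($user, $pass)
        ));
    }
}

// Constructed in-memory store standing in for a real back end (assumption).
function tableBackend(array $hashes): callable
{
    return fn(string $user, string $pass): bool =>
        isset($hashes[$user]) && password_verify($pass, $hashes[$user]);
}

$sql  = tableBackend(['alice' => password_hash('s3cret', PASSWORD_DEFAULT)]);
$imap = tableBackend([
    'alice' => password_hash('s3cret', PASSWORD_DEFAULT),
    'bob'   => password_hash('hunter2', PASSWORD_DEFAULT),
]);
$auth = new MultiAuth(['sql' => $sql, 'imap' => $imap]);

var_dump($auth->authenticate('bob', 'hunter2'));       // bob exists only in imap
var_dump($auth->authenticate('alice', 's3cret'));      // alice exists in both stores
var_dump($auth->acceptingBackends('alice', 's3cret')); // list every store that accepts
```

Recording the back end name that `authenticate` returns, and flagging accounts for which `acceptingBackends` returns more than one entry, makes the shadowing visible to the administrator.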


