[imp] auth question
Eric Jon Rostetter
eric.rostetter@physics.utexas.edu
Thu, 28 Jun 2001 15:56:23 -0500 (CDT)
Quoting Jan Schneider <janmailing@gmx.de>:
> Currently there's no way to have one login for all horde apps, because
> some backends behind the apps (imap server, local filesystem) need an own
> authentication.
True, this is a sticky issue. The only clean solution I see is to make some
"generic" authentication modules that can be tailored as needed. Using this
approach one could setup one authentication source, and have all the modules
use it; or one could set up multiple authentication sources and have different
modules use different authentication sources (via their config files).
In other words, similar to the way in horde 1.2.x and imp 2.2.x you could
pick from multiple databases for your store, we need a way to pick from
multiple authentication sources (ldap, imap password, local filesystem,
kerberos, nt domain, nis, etc) via the config files. Unlike with the databases
though were you would normally use the same database throughout, here you
would want to allow each module to select any of the authentication source
independent of the other modules (though they all *could* use the same one
as well).
> We already discussed having a sort of login repository that contains all
> of the users logins and stores them in a secret way so that you only have to
> login once. But there's no work done yet.
This would be an alternative to what I propose above. However, it assumes
that everything authenticates with a username and password, which may not
be the case. So a "plug-in" type scheme like I (attempted) to propose above
may actually be more flexible.
In my horde (1.2) setup I have now, I actually modified everything to
authenticate off the imap server. IMP, Jonah, Horde, and other none-horde
components I've tossed in the mix all authenticate via the IMAP server.
I'd like to be able to keep this setup when I move to the new horde/imp
software (and I will). It would be nice if there was an easy way to do so,
rather than my having to change code in the components. Config file changes
are always preferable to code changes. Writing my own plug-in type module
for a function is always preferable to code changes in the distributed
software.
Just my 2 cents...
> Jan.
>
> Zitat von "Robin P. Blanchard" <Robin_Blanchard@gactr.uga.edu>:
>
> > i've got horde/imp 2.3.7-cvs (from earlier today) installed and
> > running just great on a freebsd-4.3stable box with apache-1.3.20 and
> > php-4.0.5
> >
> > i'm trying to figure out the best way for horde to have some sort of
> > unified
> > login.
> >
> > in horde/config/registry.php i uncommented the following two lines
> >
> > $this->registry['auth']['login'] = 'imp';
> > $this->registry['auth']['logout'] = 'imp';
> >
> > which thus seems to make horde use imp as it's default auth module.
> > that's great as i now don't have to separately configure an auth
> > mechanism for addressbook (which is working great against our ldap
> server).
> >
> > the ftp module is still wanting another login/auth, though. all of
> our
> > users have a unified password via ldap. so i'd much rather have one
> auth
> > mechanism be passed along through all the horde modules.
> >
> > what is the advised means of accomplishing this (logging in to horde
> > allows access to all horde modules)?
> >
> > thanks in advance.
> >
> >
> >
> > --
> > ------------------------------------
> > Robin P. Blanchard
> > IT Program Specialist
> > Georgia Center for Continuing Ed.
> > fon: 706.542.2404 fax: 706.542.6546
> > email: Robin_Blanchard@gactr.uga.edu
> > ------------------------------------
> >
> > --
> > IMP mailing list: http://horde.org/imp/
> > Archive: http://marc.theaimsgroup.com/?l=imp&r=1&w=2
> > Frequently Asked Questions: http://horde.org/faq/
> > To unsubscribe, mail: imp-unsubscribe@lists.horde.org
> >
> >
>
>
> ::::::::::::::::::::::::::::::::::::::::
> AMMMa AG - discover your knowledge
> :::::::::::::::::::::::::::
> Detmolder Str. 25-33 :: D-33604 Bielefeld
> fon +49.521.96878-0 :: fax +49.521.96878-20
> http://www.ammma.de
> ::::::::::::::::::::::::::::::::::::::::::::::
>
> --
> IMP mailing list: http://horde.org/imp/
> Archive: http://marc.theaimsgroup.com/?l=imp&r=1&w=2
> Frequently Asked Questions: http://horde.org/faq/
> To unsubscribe, mail: imp-unsubscribe@lists.horde.org
>
Eric Jon Rostetter
The Department of Physics
The University of Texas at Austin
Austin, Texas 78712-1081
Office: RLM 7.126
Telephone: 512-471-5821
Email: eric.rostetter@physics.utexas.edu