[support] Odd Login on my system.

[Skip Taylor]

On 1/18/06, Kobus Myburgh <itbjdm at puknet.puk.ac.za> wrote:
> Hi,
>
> As you already know, the drupal module allows for distributed authentication. You can read more about that here: http://www.yourdrupalsite.com/admin/help/system

Yes, I'm aware of what it does just couldn't remember what it was called.

> What happened in your case is that the person registered on your site, but then used the > Drupal login to log in to your site.

That is what I thought at first too. The login name was not in use on
my system so he had no way to do the distributed authentication login
using my domain as the dist/auth site. Drupal had no way to authorize
him without the name existing. That's what worries me.

I've since disabled the drupal module.

> I have a few of those cases on my joke site. What I usually do if I don't want to allow
> distributed authentication is that I edit the welcome messages to NOT include that part of
> the message that they can log in with that information. If a user doesn't know about
> distributed authentication and you have disabled it, he can't log in that way.
>
> Regards,
>
> Kobus
>
>
> >>> avskip at gmail.com 1/18/2006 10:36:04 PM >>>
> I'm not sure of the terminology used for this, but I had a login
> similar to this on my system.
>
> someone at www.mydomain.com
>
> I understand that it's used to do a shared login from another site
> where 'someone' is registered and that's ok.  But the person had *my*
> domain after the @ sign, not another domain!  The name before the @
> sign wasn't anywhere in my user list.
>
> Any idea what went on here?  The logs aren't very helpful. I'm using
> Drupal 4.6.5 and have disabled the Drupal module for now. I think
> that's what controls this being available or not.