On 24-Jan-06, at 11:21 AM, Syscrusher wrote:
2. This sounds a lot like a miniature Kerberos. Has anyone done anything to Kerberize Drupal itself?
One comment: This is probably something that, if it ends up in core, should be disabled by default and turned on by the sysadmins who want/need it. Err on the side of paranoia when it comes to authentication.
The drupal.modules DrupalAuth is insecure by default. This might prove the basis for a replacement of that. I've indicated my desire for Drupal to choose a federated login standard and have this in core by default, with other solutions still being pluggable, as we have today.
#2 may be a dumb question; it isn't something I've had time to research. If so, please feel free to thwack me with an RTFM. :-)
I think you could build a Kerberos module. -- Boris Mann Vancouver 778-896-2747 San Francisco 415-367-3595 SKYPE borismann http://www.bryght.com