Moshe Weitzman wrote:
see http://alec.bohemiandrive.com/perm/2005/02/18/distributed-authentication for the vision of where we intend to go with this. no one has volunteered to code it yet.
Excellent read. The only concerns I would have would be with sites that aren't located at or have access to the root of a domain (like http://example.com/~user/drupal/). His suggestion was to make doc root level assumptions about the location of various config files and to use SSL for server-to-server communication, which might not be available everywhere. I would think the encryption method/communication channel should be configurable and allow for minimum-security arrangements (assuming all site admins supported this). This article definitely deserves its own thread, and from the looks of it, I missed out on that thread already :(
we really didn't discuss it much. AdrianR and I described it over beers and Dries nodded in approval. Perhaps you will start a thread on drupal.org about it. You bring up a couple legit issues. Perhaps we can have a fallback mechanism where we try https and if that fails, we use plain http ... i think the path thing is a non issue since all drupal requests go to index.php. i see no problem with sites in subdirectories, just like today.
The concern that I had was that there was no mention of allowing "username"@"example.com:8080/~user/drupal/" to be a valid username. It seemed like "username"@"example.com" was the only format that would work. Specifying the port may be outside of the normal scope, but definitely rooting the drupal install in a subdir is very common.
I'll have to look into this module. I'm currently dreading the thought of using the ldap module to talk to an active directory server for various intranet sites :(
yeah, that's usually overkill. see webserver_auth.module as well. it is very simple, yet powerful. it runs on my company's intranet.
Thanks!