Hi,
As you already know, the drupal module allows for distributed authentication. You can read more about that here: http://www.yourdrupalsite.com/admin/help/system
What happened in your case is that the person registered on your site, but then used the Drupal login to log in to your site. I have a few of those cases on my joke site. What I usually do if I don't want to allow distributed authentication is that I edit the welcome messages to NOT include that part of the message that they can log in with that information. If a user doesn't know about distributed authentication and you have disabled it, he can't log in that way.
Regards,
Kobus
avskip@gmail.com 1/18/2006 10:36:04 PM >>>
I'm not sure of the terminology used for this, but I had a login similar to this on my system.
someone@www.mydomain.com
I understand that it's used to do a shared login from another site where 'someone' is registered and that's ok. But the person had *my* domain after the @ sign, not another domain! The name before the @ sign wasn't anywhere in my user list.
Any idea what went on here? The logs aren't very helpful. I'm using Drupal 4.6.5 and have disabled the Drupal module for now. I think that's what controls this being available or not. -- [ Drupal support list | http://lists.drupal.org/ ]
On 1/18/06, Kobus Myburgh itbjdm@puknet.puk.ac.za wrote:
Hi,
As you already know, the drupal module allows for distributed authentication. You can read more about that here: http://www.yourdrupalsite.com/admin/help/system
Yes, I'm aware of what it does just couldn't remember what it was called.
What happened in your case is that the person registered on your site, but then used the > Drupal login to log in to your site.
That is what I thought at first too. The login name was not in use on my system so he had no way to do the distributed authentication login using my domain as the dist/auth site. Drupal had no way to authorize him without the name existing. That's what worries me.
I've since disabled the drupal module.
I have a few of those cases on my joke site. What I usually do if I don't want to allow distributed authentication is that I edit the welcome messages to NOT include that part of the message that they can log in with that information. If a user doesn't know about distributed authentication and you have disabled it, he can't log in that way.
Regards,
Kobus
avskip@gmail.com 1/18/2006 10:36:04 PM >>>
I'm not sure of the terminology used for this, but I had a login similar to this on my system.
someone@www.mydomain.com
I understand that it's used to do a shared login from another site where 'someone' is registered and that's ok. But the person had *my* domain after the @ sign, not another domain! The name before the @ sign wasn't anywhere in my user list.
Any idea what went on here? The logs aren't very helpful. I'm using Drupal 4.6.5 and have disabled the Drupal module for now. I think that's what controls this being available or not.
-
Kobus Myburgh -
Skip Taylor