[drupal-devel] remote auth and required email/password fields
Moshe Weitzman
weitzman at tejasa.com
Thu Mar 17 01:05:16 UTC 2005
>> see http://alec.bohemiandrive.com/perm/2005/02/18/distributed-
>> authentication for the vision of where we intend to go with this.
>> noone has volunteered to code it yet.
>
> Excellent read. The only concerns I would have would be with sites
> that aren't located at or have access to the root of a domain (like
> http://example.com/~user/drupal/). His suggestion was to make doc
> root level assumptions about the location of various config files and
> to use SSL for server-to-server communication, which might not be
> available everywhere. I would think the encryption
> method/communication channel should be configurable and allow for
> minimum-security arrangements (assuming all site admins supported
> this). This article definitely deserves its own thread, and from the
> looks of it, I missed out on that thread already :(
>
>>
we really didn't discuss it much. AdrianR and I described it over beers
and Dries nodded in approval. Perhaps you will start a thread on
drupal.org about it. You bring up a couple legit issues. Perhaps we can
have a fallback mechanism where we try https and if that fails, we use
plain http ... i think the path thing is a non issue since all drupal
requests go to index.php. i see no problem with sites in
subdirectories, just like today.
> I'll have to look into this module. I'm currently dreading the
> thought of using the ldap module to talk to an active directory server
> for various intranet sites :(
>
yeah, thats usually overkill. see webserver_auth.module as well. it is
very simple, yet powerful. it runs on my company's intranet.
More information about the drupal-devel
mailing list