[drupal-devel] remote auth and required email/password fields

Moshe Weitzman weitzman at tejasa.com
Thu Mar 17 01:05:16 UTC 2005

>> see  http://alec.bohemiandrive.com/perm/2005/02/18/distributed- 
>> authentication for the vision of where we intend to go with this. 
>> noone  has volunteered to code it yet.
> Excellent read.  The only concerns I would have would be with sites 
> that aren't located at or have access to the root of a domain (like 
> http://example.com/~user/drupal/).  His suggestion was to make doc 
> root level assumptions about the location of various config files and 
> to use SSL for server-to-server communication, which might not be 
> available everywhere.  I would think the encryption 
> method/communication channel should be configurable and allow for 
> minimum-security arrangements (assuming all site admins supported 
> this).  This article definitely deserves its own thread, and from the 
> looks of it, I missed out on that thread already :(

we really didn't discuss it much. AdrianR and I described it over beers 
and Dries nodded in approval. Perhaps you will start a thread on 
drupal.org about it. You bring up a couple legit issues. Perhaps we can 
have a fallback mechanism where we try https and if that fails, we use 
plain http ... i think the path thing is a non issue since all drupal 
requests go to index.php. i see no problem with sites in 
subdirectories, just like today.

> I'll have to look into this module.  I'm currently dreading the 
> thought of using the ldap module to talk to an active directory server 
> for various intranet sites :(
yeah, thats usually overkill. see webserver_auth.module as well. it is 
very simple, yet powerful. it runs on my company's intranet.

More information about the drupal-devel mailing list