[drupal-devel] remote auth and required email/password fields
mark at nullcraft.org
Thu Mar 17 01:20:49 UTC 2005
Moshe Weitzman wrote:
>>> see http://alec.bohemiandrive.com/perm/2005/02/18/distributed-
>>> authentication for the vision of where we intend to go with this.
>>> noone has volunteered to code it yet.
>> Excellent read. The only concerns I would have would be with sites
>> that aren't located at or have access to the root of a domain (like
>> http://example.com/~user/drupal/). His suggestion was to make doc
>> root level assumptions about the location of various config files and
>> to use SSL for server-to-server communication, which might not be
>> available everywhere. I would think the encryption
>> method/communication channel should be configurable and allow for
>> minimum-security arrangements (assuming all site admins supported
>> this). This article definitely deserves its own thread, and from the
>> looks of it, I missed out on that thread already :(
> we really didn't discuss it much. AdrianR and I described it over
> beers and Dries nodded in approval. Perhaps you will start a thread on
> drupal.org about it. You bring up a couple legit issues. Perhaps we
> can have a fallback mechanism where we try https and if that fails, we
> use plain http ... i think the path thing is a non issue since all
> drupal requests go to index.php. i see no problem with sites in
> subdirectories, just like today.
The concern that I had was that there was no mention of allowing
"username"@"example.com:8080/~user/drupal/" to be a valid username. It
seemed like "username"@"example.com" was the only format that would
work. Specifying the port may be outside of the normal scope, but
definitely rooting the drupal install in a subdir is very common.
>> I'll have to look into this module. I'm currently dreading the
>> thought of using the ldap module to talk to an active directory
>> server for various intranet sites :(
> yeah, thats usually overkill. see webserver_auth.module as well. it is
> very simple, yet powerful. it runs on my company's intranet.
More information about the drupal-devel