[development] Token-based web service authentication to core

Boris Mann boris at bryght.com
Tue Jan 24 20:46:45 UTC 2006

On 24-Jan-06, at 11:21 AM, Syscrusher wrote:

> 2. This sounds a lot like a miniature Kerberos. Has anyone done  
> anything to
>    Kerberize Drupal itself?
> One comment: This is probably something that, if it ends up in  
> core, should
> be disabled by default and turned on by the sysadmins who want/need  
> it.
> Err on the side of paranoia when it comes to authentication.

The drupal.modules DrupalAuth is insecure by default. This might  
prove the basis for a replacement of that. I've indicated my desire  
for Drupal to choose a federated login standard and have this in core  
by default, with other solutions still being pluggable, as we have  

> #2 may be a dumb question; it isn't something I've had time to  
> research.
> If so, please feel free to thwack me with an RTFM. :-)

I think you could build a Kerberos module.

Boris Mann
Vancouver 778-896-2747 San Francisco 415-367-3595
SKYPE borismann

More information about the development mailing list