[development] Token-based web service authentication to core
Boris Mann
boris at bryght.com
Tue Jan 24 20:46:45 UTC 2006
On 24-Jan-06, at 11:21 AM, Syscrusher wrote:
> 2. This sounds a lot like a miniature Kerberos. Has anyone done
> anything to
> Kerberize Drupal itself?
>
> One comment: This is probably something that, if it ends up in
> core, should
> be disabled by default and turned on by the sysadmins who want/need
> it.
> Err on the side of paranoia when it comes to authentication.
The drupal.modules DrupalAuth is insecure by default. This might
prove the basis for a replacement of that. I've indicated my desire
for Drupal to choose a federated login standard and have this in core
by default, with other solutions still being pluggable, as we have
today.
> #2 may be a dumb question; it isn't something I've had time to
> research.
> If so, please feel free to thwack me with an RTFM. :-)
I think you could build a Kerberos module.
--
Boris Mann
Vancouver 778-896-2747 San Francisco 415-367-3595
SKYPE borismann
http://www.bryght.com
More information about the development
mailing list