Info
- 3 posts
- 2 voices
- Started 2 years ago by oakad
- Latest reply from oakad
Better support for HTPP authentication, especially Kerberos/SPNEGO variety
-
Single Sign-on is a very convenient feature to have in an organization, and for web services (on apache, at least) it's very conveniently provided by mod_auth_kerb.
However, there is a problem preventing its use with bbPress, namely user name handling.
Kerberos user names are of the form user@DOMAIN.TLD. bbPress username sanitization rules are too strict and strip the '@' character outright. And anyway, domain concept is not supported throughout the code and in underlying database.
Moreover, the whole HTTP auth support (purportedly, a basic thing in any web app) relies on external and somewhat broken plugin (it uses bb_user_exists deprecated function, which is not working properly in 1.0, or at least it seems so to me).
In my most extant dreams (phpbb style :-), SPNEGO auth plugin should be also able to query an LDAP database (which is most often present in such set-ups) for extra user info.
-
- Posted 2 years ago #
Having a self contained username universe (pretty usernames) and not relying on composite user+domain login can be useful.
Either way there is an Ldap plugin for WordPressmu: http://wpmuldap.frozenpc.net/
-
I'm aware of this plugin.
What can be really handy is HTTP auth plugin, which can live with user@domain usernames and will do LDAP queries on behalf of already authenticated user.
The actual authentication is performed by the browser using a local kerberos context, so there's no need to type in passwords and such.
-
You must log in to post.
