Skip to:
Content
Pages
Categories
Search
Top
Bottom

Better support for HTPP authentication, especially Kerberos/SPNEGO variety

  • @oakad

    Member

    Single Sign-on is a very convenient feature to have in an organization, and for web services (on apache, at least) it’s very conveniently provided by mod_auth_kerb.

    However, there is a problem preventing its use with bbPress, namely user name handling.

    Kerberos user names are of the form user@DOMAIN.TLD. bbPress username sanitization rules are too strict and strip the ‘@’ character outright. And anyway, domain concept is not supported throughout the code and in underlying database.

    Moreover, the whole HTTP auth support (purportedly, a basic thing in any web app) relies on external and somewhat broken plugin (it uses bb_user_exists deprecated function, which is not working properly in 1.0, or at least it seems so to me).

    In my most extant dreams (phpbb style :-), SPNEGO auth plugin should be also able to query an LDAP database (which is most often present in such set-ups) for extra user info.

Viewing 2 replies - 1 through 2 (of 2 total)
  • @jason_jm

    Member

    Having a self contained username universe (pretty usernames) and not relying on composite user+domain login can be useful.

    Either way there is an Ldap plugin for WordPressmu: http://wpmuldap.frozenpc.net/

    @oakad

    Member

    I’m aware of this plugin.

    What can be really handy is HTTP auth plugin, which can live with user@domain usernames and will do LDAP queries on behalf of already authenticated user.

    The actual authentication is performed by the browser using a local kerberos context, so there’s no need to type in passwords and such.

Viewing 2 replies - 1 through 2 (of 2 total)
  • You must be logged in to reply to this topic.
Skip to toolbar