[oakad]

Single Sign-on is a very convenient feature to have in an organization, and for web services (on apache, at least) it’s very conveniently provided by mod_auth_kerb.

However, there is a problem preventing its use with bbPress, namely user name handling.

Kerberos user names are of the form user@DOMAIN.TLD. bbPress username sanitization rules are too strict and strip the ‘@’ character outright. And anyway, domain concept is not supported throughout the code and in underlying database.

Moreover, the whole HTTP auth support (purportedly, a basic thing in any web app) relies on external and somewhat broken plugin (it uses bb_user_exists deprecated function, which is not working properly in 1.0, or at least it seems so to me).

In my most extant dreams (phpbb style , SPNEGO auth plugin should be also able to query an LDAP database (which is most often present in such set-ups) for extra user info.

[Jason Giedymin]

Having a self contained username universe (pretty usernames) and not relying on composite user+domain login can be useful.

Either way there is an Ldap plugin for WordPressmu: http://wpmuldap.frozenpc.net/

[oakad]

I’m aware of this plugin.

What can be really handy is HTTP auth plugin, which can live with user@domain usernames and will do LDAP queries on behalf of already authenticated user.

The actual authentication is performed by the browser using a local kerberos context, so there’s no need to type in passwords and such.