[geeklog-devtalk] Adding a couple plugin functions

[Turias]

Thanks for the reply, Tony.

Hmm, that seems much more complicated than what I was going for, yet it 
looks like it would be quite a nice addition to the Geeklog core.  I'm 
still not convinced, though, that your solution and my solution are 
mutually exclusive.  My proposed change wouldn't only be used for 
Single Sign-On, as integrated Geeklog plugins that do not have anything 
to do with SSO could use it to set cookies and perform login/logout 
tasks, too.  Plus, it would only require adding 2 lines to users.php.  

:)


- Turias



On Jun 30, 2004, at 2:52 PM, Tony Bibbs wrote:


> What you want is Single Sign-On.  There are a few things I'd recommend 

> before we got to the point of discussing plugin API changes.

>

> 1) Geeklog 1.3.x's core should modularize the login.  Doing so would 

> encourage others to write authenticators against things like LDAP, AD, 

> etc.  By making it modular, you could also add some custom handling 

> there.

> 2) SSO is a complicated security topic.  Most for-profit 

> implementations use Kerberos tickets, others such as what I plan to do 

> with Auth_Enterprise, will issue their own SSO token that can be used 

> by federated applications (i.e. applications that trust one another) 

> to authenticate a user.

> 3) As I eluded to above, SSO support is something I plan to get into 

> Auth_Enterprise (see 

> http://www.tonybibbs.com/index.php?topic=auth_ent).  I won't have time 

> to get to SSO anytime in the next couple of weeks but if you are 

> interested in tacking a crack at it I can point you in the right 

> direction.  It has been my intention that after I get Auth_Enterprise 

> to a stable state I would hack options support for it into 1.3.x 

> (which would require me or someone to take care of item #1 above).

>

> This probably does itch your short-term scratch but I wanted to offer 

> up some of my thoughts and give you a chance to help with the longer 

> term vision if you have the time.

>

> --Tony

>

> Turias wrote:

>

>> It just doesn't seem possible to accomplish what I need to do using 

>> the current Geeklog plugin architecture.

>>

>> Basically, my plugin needs to set login-related cookies for use by 

>> applications other than the main Geeklog install.  For example, I 

>> have considered using this to write a plugin that allows you to do 

>> the following:

>>

>> 1) The user logs into a Geeklog instance A

>> 2) On login, the plugin sets login cookies for Geeklog instances B 

>> and C

>> 3) Now the user can visit all three Geeklog instances seamlessly 

>> without logging in three separate times.

>>

>> Of course, this would only work if all Geeklog instances are located 

>> on the same domain and would preferably require some extra user 

>> profile synchronizations.  Theoretically, this functionality could 

>> also be used to bridge access to third party apps with minimum work.

>>

>> Unfortunately, there currently isn't any way for a plugin to do this. 

>>  I could probably hack something together in the user.php and 

>> lib-common.php files, but this doesn't seem like a good way to 

>> distribute plugins.  Having plugin functions called on login and 

>> logout could be quite powerful for plugin developers.

>>

>> Please let me know if you think there is a better way to do this.  It 

>> seems to me, though, that this would be the cleanest way of going 

>> about things.

>>

>> Thanks,

>> Turias

>>

>>

>>

>> On Jun 29, 2004, at 1:13 PM, Tony Bibbs wrote:

>>

>>> <snip>

>>> I recently began working on a plugin that needs to set and delete 

>>> cookies when the user logs in and out of GeekLog.  Unfortunately, 

>>> this does not seem possible with the current GL code.

>>> </snip>

>>>

>>> Why doesn't it work exactly?

>>>

>>> --Tony

>>>

>>> Turias wrote:

>>>

>>>> No one has anything to say about this?

>>>>

>>>> - Turias

>>>>

>>>>

>>>> On Jun 25, 2004, at 7:48 PM, Turias wrote:

>>>>

>>>>> Hey everyone,

>>>>>

>>>>> I recently began working on a plugin that needs to set and delete 

>>>>> cookies when the user logs in and out of GeekLog.  Unfortunately, 

>>>>> this does not seem possible with the current GL code.  I would 

>>>>> like to propose the following be added to the core:

>>>>>

>>>>> 1) The addition of the following plugin functions:

>>>>>

>>>>> plugin_login_<plugin name>

>>>>>

>>>>> and

>>>>>

>>>>> plugin_logout_<plugin name>

>>>>>

>>>>> These functions would return nothing.

>>>>>

>>>>>

>>>>> 2) A modification to users.php which would call the aforementioned 

>>>>> functions when a user logs in or out of the system.

>>>>>

>>>>>

>>>>> I could code this up, as it would be pretty easy to do.  What does 

>>>>> everyone think?  Do people see any utility in this?

>>>>>

>>>>> - Turias

>>>>>

>>>>> _______________________________________________

>>>>> geeklog-devtalk mailing list

>>>>> geeklog-devtalk at lists.geeklog.net

>>>>> http://lists.geeklog.net/listinfo/geeklog-devtalk

>>>>

>>>>

>>>>

>>>> _______________________________________________

>>>> geeklog-devtalk mailing list

>>>> geeklog-devtalk at lists.geeklog.net

>>>> http://lists.geeklog.net/listinfo/geeklog-devtalk

>>>

>>>

>>> _______________________________________________

>>> geeklog-devtalk mailing list

>>> geeklog-devtalk at lists.geeklog.net

>>> http://lists.geeklog.net/listinfo/geeklog-devtalk

>>

>>

>> _______________________________________________

>> geeklog-devtalk mailing list

>> geeklog-devtalk at lists.geeklog.net

>> http://lists.geeklog.net/listinfo/geeklog-devtalk

>

> _______________________________________________

> geeklog-devtalk mailing list

> geeklog-devtalk at lists.geeklog.net

> http://lists.geeklog.net/listinfo/geeklog-devtalk