[geeklog-devtalk] [Feature] Distributed Authentication

[Blaine Lang]

Dirk, Mike:

I have added NT and AD authentication for clients using a custom 
authentication script and only need to make one change to Core GL files and 
that was to lib-sessions.php. Well I added a config.php parm as well so I 
could toggle the custom authetication and GL authentication modes.

The mod was to SESS_sessionCheck.
At the first check if a users cookie 'cookie_session' exists. We won't for 
new users but instead of defauilting to the else part in this function added 
a }elseif { and checked if the custom authentication mode was enabled. If so 
then execute the custom autentication function.

This function then does the necessary AD or NTLM authentication and if 
sucessful, creates the $_USER array - calls SESS_getUserData(), creates the 
cookie, updates the session table and user login field etc.

Appears to work fine - we even create the GL user records if this user does 
not already exist in GL. In our Intranet client use, the users that are 
already logged into the LAN just have to access the site and they are logged 
in automatically.

Could this not be how we add the distributed authentication as well?

Blaine
----- Original Message ----- 
From: "Dirk Haun" <dirk at haun-online.de>
To: <geeklog-devtalk at lists.geeklog.net>
Sent: Monday, January 31, 2005 3:16 PM
Subject: Re: [geeklog-devtalk] [Feature] Distributed Authentication


Mike,


>This provides Distributed Authentication for geeklog. i.e. you can login to

>my

>geeklog instance (http://www.fuckingbrit.com) with an account on a remote

>server currently, it only supports blogger. You can login with

>username at blogger.com.


Okay, I haven't looked at it AT ALL, so please bare with me ...



>The reason behind this is that people don't like to sign up at every site 

>in

>the universe to publish a single comment, or submit a single forum thread.


Right. I was actually hoping to look into TypeKey one day to see if that
would be usable for us. The homepage, <https://www.typekey.com/>, still
says that they will publish documentation some day, but apparently they
already have:

<http://www.movabletype.org/docs/tk-apps.html>

Since you obviously spent some time with Geeklog's authentication
already: Do you think this would be usable?



>So my questions are, is this something that will make it into CVS?


At first view, it seems to make a lot of changes in sensitive places, so
I'm reluctant before I had a chance for a closer look ...



>What kind of timeframe is 1.3.12 on?


The usual: "When its done". Maybe some time in Q1 ...


On a technical note: You included an XML-RPC lib in your patch. Geeklog
1.3.12 already relies on PEAR::XML_RPC for the Ping and Pingback stuff,
so that would not be needed. And PEAR::XML_RPC is pretty much
Usefulinc.com's old XML-RPC lib anyway, so it's 99% compatible.

bye, Dirk


-- 
http://www.haun-online.de/
http://geeklog.info/

_______________________________________________
geeklog-devtalk mailing list
geeklog-devtalk at lists.geeklog.net
http://lists.geeklog.net/listinfo/geeklog-devtalk