[geeklog-devtalk] Remote Authentication ;-)
Dirk Haun
dirk at haun-online.de
Fri Feb 4 03:45:49 EST 2005
Blaine,
> This is sounding like a major change and affects all plugins and core
> features. I'm not looking forward to all the work this is going to create for
> me and my plugins.
Actually, if you don't change a thing in your plugins, they would continue to
work just fine. There are only two minor issues:
1) If you're displaying usernames, those may not be unique any more. E.g. two
posts by user "Mike" may be from two different users. Shouldn't be a problem
for the plugin, as it uses the UID to identify the user, but may be slightly
confusing for viewers.
2) If you identify users by their username, then you have a problem (because
they may not be unique any more). Is anyone really doing this?
> 1) Will this help address having alternative authentication like NTLM or AD
> authentication?
I don't know anything about those authentication methods, but most likely: No.
> 2) Will there be records created for all remote users as well?
Yes. Otherwise, we'd really be breaking things.
> 3) There are at least 6 tables currently updated for a new user + any plugin
> function. How will this affect plugin functions that are triggered on user
> add/edit/delete?
Not an issue at all. A remotely authenticated user will show up just as any new
user that registered directly with the site.
> 4) Will site admins have the ability to moderate and approve new users still?
From a logical point of view, those two are mutually exclusive, IMO. If you want
full control over who is a user of your site, you'd probably disable remote
authentication anyway.
From a technical point of view, though, this should still be possible.
> 5) Will site admins have the ability to selectively block remote services or
> disable reg users for a particular remote service?
That's an important issue. Obviously, there's nothing stopping a spammer from
signing up with, say, blogger.com, and then using that identity to spam your
site.
At the very least, and I think Mike has already addressed that, it should be
possible to enable remote authentication selectively for each service.
Not sure yet how the authentication from other Geeklog sites is supposed to
work. A spammer could easily set up his own Geeklog site and we certainly don't
want them to use that identity then to spam other Geeklog sites. Mike?
We should probably also finally implement something to disable user accounts
(including remotely authenticated users).
> I can't even begin to think of how many places I access the users table
> directly today in all my plugins and don't fully see yet the impact this change
> will have.
As I said above, you shouldn't have to change anything, as things will continue
to work just as before.
The only change, but that is optional, would be to use yet-to-be-specified COM_
functions to get a user's display name, so that the site owner has some
influence over how those remotely authenticated users are displayed.
bye, Dirk
(sent via webmail, hence no references - sorry about that)
--
http://www.haun-online.de/