[Xerte-dev] Re: Using Two Authentication Methods

Julian Tenney Julian.Tenney at nottingham.ac.uk
Fri May 17 09:41:14 BST 2013


They are, yes, I tested. I can see that if we leave it in, people will end up letting private users onto their systems, and that's not really a good thing. We get asked all the time and always say 'no'.

From: xerte-dev-bounces at lists.nottingham.ac.uk [mailto:xerte-dev-bounces at lists.nottingham.ac.uk] On Behalf Of Ron Mitchell
Sent: 17 May 2013 09:40
To: 'For Xerte technical developers'
Subject: [Xerte-dev] Re: Using Two Authentication Methods

Not sure about leaving it in auth_config.php probably best documented as a possible solution for this somewhere.

But now if you're using static no need to add any new accounts you add to library/Xerte/Authentication/static.php to the database. They should be created automatically when they first login.

From: xerte-dev-bounces at lists.nottingham.ac.uk [mailto:xerte-dev-bounces at lists.nottingham.ac.uk] On Behalf Of Julian Tenney
Sent: 17 May 2013 09:10
To: For Xerte technical developers
Subject: [Xerte-dev] Re: Using Two Authentication Methods

Should we leave that change in auth_config? Do new users added to the list of usernames / passwords need setting up in the database, or will that happen on the first login? Just thinking it's a handy thing to have in your back pocket (if used wisely)

From: xerte-dev-bounces at lists.nottingham.ac.uk [mailto:xerte-dev-bounces at lists.nottingham.ac.uk] On Behalf Of Julian Tenney
Sent: 17 May 2013 09:08
To: For Xerte technical developers
Subject: [Xerte-dev] Re: Using Two Authentication Methods

Cheers, I got that working, good thinking there, thanks.

From: xerte-dev-bounces at lists.nottingham.ac.uk [mailto:xerte-dev-bounces at lists.nottingham.ac.uk] On Behalf Of Ron Mitchell
Sent: 16 May 2013 16:28
To: 'For Xerte technical developers'
Subject: [Xerte-dev] Re: Using Two Authentication Methods

yeah but just to clarify the static.php I attached goes in the root it's not the same as the one John has pointed to. You could name mine something different to avoid confusion.

So all you'd be doing is providing those with static login a different initial url and their account credentials are in library/Xerte/Authentication/static.php

You could probably use db instead but you might have to manually switch to db authentication in auth_config.php to be able to create those accounts via management.php first before switching back to ldap. So it's a judgement call whether static will suffice (no disruption) or 10mins lack of access while you create the db accounts.

HTH
Ron

From: xerte-dev-bounces at lists.nottingham.ac.uk [mailto:xerte-dev-bounces at lists.nottingham.ac.uk] On Behalf Of Smith, John
Sent: 16 May 2013 16:02
To: For Xerte technical developers
Subject: [Xerte-dev] Re: Using Two Authentication Methods

In library/Xerte/Authentication/static.php or something like that...


Regards,

John Smith
Learning Technologist
School of Health & Life Sciences
Glasgow Caledonian University

From: xerte-dev-bounces at lists.nottingham.ac.uk [mailto:xerte-dev-bounces at lists.nottingham.ac.uk] On Behalf Of Julian Tenney
Sent: Thursday, May 16, 2013 3:57 PM
To: For Xerte technical developers
Subject: [Xerte-dev] Re: Using Two Authentication Methods

So basically I'm setting up two front doors: one for the LDAP horde, and one for the select few, via different pages. That's OK I think.

Where do I put the username / password? (sorry, I'm not familiar with the static stuff).


From: xerte-dev-bounces at lists.nottingham.ac.uk [mailto:xerte-dev-bounces at lists.nottingham.ac.uk] On Behalf Of Ron Mitchell
Sent: 16 May 2013 15:47
To: 'For Xerte technical developers'
Subject: [Xerte-dev] Re: Using Two Authentication Methods

works for me...

From: xerte-dev-bounces at lists.nottingham.ac.uk [mailto:xerte-dev-bounces at lists.nottingham.ac.uk] On Behalf Of Ron Mitchell
Sent: 16 May 2013 15:16
To: 'For Xerte technical developers'
Subject: [Xerte-dev] Re: Using Two Authentication Methods

Thinking out loud but this should work...

create a new very basic php page which the static login people should go to e.g. static.php
this would be unique to your install and therefore not broken by upgrades

set a session variable in there e.g. set static to true and then redirect to index.php

edit auth_config.php and check for that session and switch to static authentication if that session is set

So the only page you would have to protect from upgrades is auth_config.php which to be honest if you're upgrading regularly you need to do anyway.

This is theory but I think should work.

HTH
Ron

From: xerte-dev-bounces at lists.nottingham.ac.uk [mailto:xerte-dev-bounces at lists.nottingham.ac.uk] On Behalf Of Julian Tenney
Sent: 16 May 2013 14:28
To: For Xerte technical developers (xerte-dev at lists.nottingham.ac.uk)
Subject: [Xerte-dev] Using Two Authentication Methods

Hi,

I need a bit of help from someone who knows the authentication stuff better than me:

We have some cases where, in the past, we've kept a few usernames / passwords in the auth code, and have checked against those before checking against LDAP. There are some collective efforts here where content is passed to a central admin account - one that has static authentication. Lots of people create content in their own accounts, and then pass it to the admin account when it is finished, and that sets up a lot of content for feeds, etc. Downstream, a website reads the folder feeds and displays the content.

When we upgraded, we lost this capability. Now that user can't login.

So I need to be able to either hardcode a username / password in somewhere (I know, I don't like it either) or have two auth methods, static, and then LDAP (or the other way around) if the first one fails, and I need a solution that won't break in the future when we upgrade again, because this is a real pain.

What's the best solution?

Thanks,

Julian
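
The two-entry-page approach outlined in this thread (a custom static.php that sets a session flag and redirects to index.php, and a check in auth_config.php that switches backend when the flag is present), sketched as an added example. It is not code from the emails or from Xerte itself; the function names, the `static` session key and the `Static`/`Ldap` method labels are assumptions for illustration.

```php
<?php
// Added example, not Xerte's own code. Function names, the 'static' session
// key and the 'Static' / 'Ldap' labels are assumptions for illustration.

/**
 * Body of the custom entry page (e.g. static.php in the web root).
 * Sets the flag and returns the page the visitor is redirected to.
 */
function mark_static_login(array &$session): string
{
    $session['static'] = true;   // read later by the auth_config.php check
    return 'index.php';          // the normal login page
}

/**
 * Check for auth_config.php: choose the backend for this request.
 * $default is whatever method the install normally uses.
 */
function select_auth_method(array $session, string $default): string
{
    // Strict comparison: only the exact boolean set by the entry page
    // switches the backend; any other value falls through to the default.
    if (isset($session['static']) && $session['static'] === true) {
        return 'Static';
    }
    return $default;
}

// Constructed demonstration; runs from the PHP CLI without a web server.
$ldapVisitor   = [];                            // went straight to index.php
$staticVisitor = [];                            // visited static.php first
$target = mark_static_login($staticVisitor);

echo 'direct visitor:    ', select_auth_method($ldapVisitor, 'Ldap'), "\n";
echo 'static.php visitor: ', select_auth_method($staticVisitor, 'Ldap'), "\n";
echo 'redirect target:   ', $target, "\n";

// Assumed wiring in a real install (the session must be the same one the
// application itself uses):
//   static.php:      session_start();
//                    header('Location: ' . mark_static_login($_SESSION));
//                    exit;
//   auth_config.php: $method = select_auth_method($_SESSION, 'Ldap');
```

The flag only chooses which credential store the login form is checked against; the username and password are still verified by that backend.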
