[Xerte-dev] Re: Using Two Authentication Methods
Smith, John
J.J.Smith at gcu.ac.uk
Thu May 16 16:02:28 BST 2013
In library/Xerte/Authentication/static.php or something like that...
Regards,
John Smith
Learning Technologist
School of Health & Life Sciences
Glasgow Caledonian University
From: xerte-dev-bounces at lists.nottingham.ac.uk [mailto:xerte-dev-bounces at lists.nottingham.ac.uk] On Behalf Of Julian Tenney
Sent: Thursday, May 16, 2013 3:57 PM
To: For Xerte technical developers
Subject: [Xerte-dev] Re: Using Two Authentication Methods
So basically I'm setting up two front doors: one for the LDAP horde, and one for the select few, via different pages. That's OK I think.
Where do I put the username / password? (sorry, I'm not familiar with the static stuff).
From: xerte-dev-bounces at lists.nottingham.ac.uk<mailto:xerte-dev-bounces at lists.nottingham.ac.uk> [mailto:xerte-dev-bounces at lists.nottingham.ac.uk] On Behalf Of Ron Mitchell
Sent: 16 May 2013 15:47
To: 'For Xerte technical developers'
Subject: [Xerte-dev] Re: Using Two Authentication Methods
works for me...
From: xerte-dev-bounces at lists.nottingham.ac.uk<mailto:xerte-dev-bounces at lists.nottingham.ac.uk> [mailto:xerte-dev-bounces at lists.nottingham.ac.uk] On Behalf Of Ron Mitchell
Sent: 16 May 2013 15:16
To: 'For Xerte technical developers'
Subject: [Xerte-dev] Re: Using Two Authentication Methods
Thinking out loud but this should work...
create a new very basic php page which the static login people should go to e.g. static.php
this would be unique to your install and therefore not broken by upgrades
set a session variable in there e.g. set static to true and then redirect to index.php
edit auth_config.php and check for that session and switch to static authentication if that session is set
So the only page you would have to protect from upgrades is auth_config.php which to be honest if you're upgrading regularly you need to do anyway.
This is theory but I think should work.
HTH
Ron
From: xerte-dev-bounces at lists.nottingham.ac.uk<mailto:xerte-dev-bounces at lists.nottingham.ac.uk> [mailto:xerte-dev-bounces at lists.nottingham.ac.uk] On Behalf Of Julian Tenney
Sent: 16 May 2013 14:28
To: For Xerte technical developers (xerte-dev at lists.nottingham.ac.uk<mailto:xerte-dev at lists.nottingham.ac.uk>)
Subject: [Xerte-dev] Using Two Authentication Methods
Hi,
I need a bit of help from someone who knows the authentication stuff better than me:
We have some cases where, in the past, we've kept a few usernames / passwords in the auth code, and have checked against those before checking against LDAP. There are some collective efforts here where content is passed to a central admin account - one that has static authentication. Lots of people create content in their own accounts, and then pass it to the admin account when it is finished, and that sets up a lot of content for feeds, etc. Downstream, a website reads the folder feeds and displays the content.
When we upgraded, we lost this capability. Now that user can't login.
So I need to be able to either hardcode a username / password in somewhere (I know, I don't like it either) or have two auth methods, static, and then LDAP (or the other way around) if the first one fails, and I need a solution that won't break in the future when we upgrade again, because this is a real pain.
What's the best solution?
Thanks,
Julian
Glasgow Caledonian University is a registered Scottish charity, number SC021474
Winner: Times Higher Education's Widening Participation Initiative of the Year 2009 and Herald Society's Education Initiative of the Year 2009.
http://www.gcu.ac.uk/newsevents/news/bycategory/theuniversity/1/name,6219,en.html
Winner: Times Higher Education's Outstanding Support for Early Career Researchers of the Year 2010, GCU as a lead with Universities Scotland partners.
http://www.gcu.ac.uk/newsevents/news/bycategory/theuniversity/1/name,15691,en.html
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nottingham.ac.uk/pipermail/xerte-dev/attachments/20130516/2e417212/attachment-0001.html>
More information about the Xerte-dev
mailing list