Reini Urban wrote:
> In the current code the authentication methods are "stacked", that
> means, that the methods are searched in a predefined search order
> (e.g. Anon or Bogo or HomePage password => ldap => imap => http_auth).
I still didn't understand how to create a home page password and how
to store a password there...
> The first method which returns true is taken. False is only returned if
> all defined methods will fail.
>
> With my new code we allow even more auth methods:
> internal db, external db, file
What does "file" mean - a textual password file?
I hope that there will be a method working without sql, since many
(cheap) hosting services don't offer sql - one of the reasons I use
PhpWiki.
> Now how should the admin configure his authentication:
> 1) Should he be able to define the search order?
> 2) Should he be able to define stacked (policy c) or strict (policy b)
> or pre-defined method order (policy a)?
I guess a combined method will rarely be necessary. If there is
already some kind of authentication, why shouldn't _all_ accounts
use it? But it wouldn't hurt, if it's safe:
> The problem is that the user may exist with the current method but the
> password is wrong, which brings him to the next method. This might not
IMHO if the user was found with the first method, no other methods
should be tried.
Regarding the implementation, I don't know enough about PHP to
contribute something useful.
[...]
> The code for a simple predefined scheme, (not-stacked) scheme is now
> ready, where only one auth method is predefined, for all users.
This would be fine for most cases, IMHO.
Oliver
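
Added example, not part of the message above and not PhpWiki's own code: a sketch of the two lookup policies discussed in the thread, the "stacked" search where a wrong password falls through to the next method, and the variant where the first method that knows the user decides. The backend names, the accounts and the `authenticate()` helper are constructed for illustration.

```php
<?php
// Constructed sample data: each backend maps user name => password hash.
// "alice" exists in both backends with different passwords.
$backends = [
    'file' => ['alice' => password_hash('correct-horse', PASSWORD_DEFAULT)],
    'ldap' => ['alice' => password_hash('old-ldap-pw', PASSWORD_DEFAULT),
               'bob'   => password_hash('bobs-secret', PASSWORD_DEFAULT)],
];

/**
 * Hypothetical helper: try the backends in the configured search order.
 *   $stopWhenUserFound = false  "stacked": a failed password falls through
 *   $stopWhenUserFound = true   the first backend that knows the user decides
 * Returns the name of the backend that accepted the login, or null.
 */
function authenticate(array $backends, string $user, string $pass,
                      bool $stopWhenUserFound): ?string
{
    foreach ($backends as $name => $accounts) {
        if (!array_key_exists($user, $accounts)) {
            continue;               // user unknown here: try the next method
        }
        if (password_verify($pass, $accounts[$user])) {
            return $name;           // first method that returns true is taken
        }
        if ($stopWhenUserFound) {
            return null;            // user exists, password wrong: stop here
        }
        // stacked policy: wrong password, keep searching remaining methods
    }
    return null;                    // every defined method failed
}

// alice logs in with the password that is only valid in the later backend;
// compare the result of the two policies.
var_dump(authenticate($backends, 'alice', 'old-ldap-pw', false));
var_dump(authenticate($backends, 'alice', 'old-ldap-pw', true));

// bob is unknown to the first backend, so both policies reach the second one.
var_dump(authenticate($backends, 'bob', 'bobs-secret', true));
```

With the stacked policy an account is only as strong as the weakest backend that holds an entry for that user name, which is the concern raised in the quoted text.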