Re: [GNUe-dev] Some thoughts about authentication in gnue-common ...

[Jason Cater]

I'm fine with these improvements/changes, I was just pointing out that you 
don't have to start from scratch on doing everything. The current method 
could definitely use some expanding and polish. 

One thing we haven't addressed is the possibility of roles/groups. Those could 
be very useful in several contexts within GNUe -- especially Navigator (and 
probably AppServer). 

-- Jason 


On Wednesday 20 July 2005 2:28 am, Johannes Vetter wrote:
> Hi,
>
> > You are pretty much describing the mechanism currently in place:
> > http://www.gnuenterprise.org/tools/common/docs/technotes/00005.txt
>
> Great work, how could I've missed that ?! But as I see things an
> Authenticator cannot always return the complete sequence of required
> fields, because it is simply unknown what it will ask for. That was the
> reason why I've described this process as a loop over an authenticate ()
> method, which will stop if authentication is complete. The drawback of
> this will be, that there might appear multiple dialogs (questions) [this
> is compareable to the gdm login]. Of course there migth be
> authenticators which know all their required fields (i.e. ldap,
> nis, ...). Such an implementation can return all that fields with the
> first call to authenticate ().
>
> IMHO we should distinguish beween 'authentication' and 'database-login',
> where the former controls access to a given datasource, and the latter
> will be used to create an actual connection. I think authentication
> cannot provide the credentials used for later database-login, e.g. one
> uses ldap authentication, but likes to have a single database-user (and
> password); another one also uses ldap authentication, but wants to have
> that authenticated username/password for database login too. So I think
> we have to find an easy way of providing such credentials aside from
> authentication at all.
>
>
> Thanks,
> Johannes