On Thu, May 6, 2010 at 9:09 AM, Lane, Ryan
<Ryan.Lane(a)ocean.navo.navy.mil> wrote:
There are a bunch of these web server authentication
plugins that all mostly
suck. Web server authentication would be fairly easy to add to core, with a
minimal amount of change. The auto-auth code does nearly everything required
of web server authentication, except the things that extensions *really*
shouldn't be doing, like adding users to the database, and checking
sessions.
Would anyone object if I add this support to core?
Core is where this stuff should be, IMO. And if any improvements to
ExternalAuth would be handy, feel free to make them too!
On Thu, May 6, 2010 at 9:43 AM, Chad <innocentkiller(a)gmail.com> wrote:
I'd rather see an RFC written up with where we
want to go with user
auth. I know your idzeas differ from Aryeh's work on the issue, so
I'd rather see all that stuff worked out before more code gets put in
core.
Just my opinion though.
I'm pretty sure the result of our discussion was we basically agree on
everything important. :) It's just a matter of implementing it. Our
discussion was mostly a matter of clarifying our different assumptions
(typical web app auth vs. LDAP auth). Even if there were disagreement
about how ExternalAuth should be extended to handle a greater variety
of backends, that shouldn't block progress on adding new backends like
HTTP auth that don't require extension of the basic model to work
right.