On Thu, May 6, 2010 at 9:09 AM, Lane, Ryan Ryan.Lane@ocean.navo.navy.mil wrote:
There are a bunch of these web server authentication plugins that all mostly suck. Web server authentication would be fairly easy to add to core, with a minimal amount of change. The auto-auth code does nearly everything required of web server authentication, except the things that extensions *really* shouldn't be doing, like adding users to the database, and checking sessions.
Would anyone object if I add this support to core?
Core is where this stuff should be, IMO. And if any improvements to ExternalAuth would be handy, feel free to make them too!
On Thu, May 6, 2010 at 9:43 AM, Chad innocentkiller@gmail.com wrote:
I'd rather see an RFC written up with where we want to go with user auth. I know your ideas differ from Aryeh's work on the issue, so I'd rather see all that stuff worked out before more code gets put in core.
Just my opinion though.
I'm pretty sure the result of our discussion was we basically agree on everything important. :) It's just a matter of implementing it. Our discussion was mostly a matter of clarifying our different assumptions (typical web app auth vs. LDAP auth). Even if there were disagreement about how ExternalAuth should be extended to handle a greater variety of backends, that shouldn't block progress on adding new backends like HTTP auth that don't require extension of the basic model to work right.