Demo Discussion
Forum Config Examples Contributions Vulnerabilities
  Discussion forum about ELOG  Not logged in ELOG logo
icon5.gif   external authentication possible?, posted by Steve Allen on Mon Dec 6 02:34:32 2004 
    icon2.gif   Re: external authentication possible?, posted by Stefan Ritt on Mon Dec 6 21:22:20 2004 
       icon2.gif   Re: external authentication possible?, posted by Steve Jones on Mon Dec 6 22:48:19 2004 
          icon7.gif   Re: external authentication possible?, posted by Steve Allen on Tue Dec 7 01:18:14 2004 
          icon2.gif   Re: external authentication possible?, posted by Stefan Ritt on Sun Dec 12 12:49:06 2004 
             icon12.gif   Re: external authentication possible?, posted by Steve Jones on Wed Dec 15 15:42:13 2004 
                icon2.gif   Re: external authentication possible?, posted by Stefan Ritt on Wed Dec 15 18:19:31 2004 
                   icon2.gif   Re: external authentication possible?, posted by Steve Jones on Thu Dec 16 05:23:54 2004 
Message ID: 850     Entry time: Wed Dec 15 18:19:31 2004     In reply to: 849     Reply to this: 851
Icon: Reply  Author: Stefan Ritt  Author Email: stefan.ritt@psi.ch 
Category: Comment  OS: All  ELOG Version: 2.5.5-2 
Subject: Re: external authentication possible? 
> Ah, you test me!  Perhaps I will attempt to dig into this but I may have to leave the
> integration up to you, Stefan.  Seems that there would be two roads to go:
> 1> Move away from standalone and start to rely on Apache
> 2> Continue with the standalone theme and build in LDAP authentication (which could
> also give you groups functions as well). 
> 
> I think I would opt for <2>

<1> would only make sense if the functionality could be completely implemented inside
Apache, without (much) modification of elog. Otherwise I agree that <2> would be more
following the general lines of elog. I was considering to implement PAM (pluggable
authorization module) support into elog, which is quite easy to implement and gives you
to power of having LDAP, Kerberos, Unix username, Windows NT Domain and much more. But
that would them be restricted to elog running under Linux (and Solaris I guess), since
I'm not aware of a PAM implementation under Windows.

Implementing LDAP directly into elog gives me the problem that we don't use LDAP
authentication at our institute (it's Kerberos in fact). So I would have to set up my own
LDAP server for testing, plus we at our institute don't have a direct benefit from that,
which would make it hard for me to justify to spend time on.
ELOG V3.1.5-fe60aaf