authentication module

Worker Joined: Aug 28, 2003 Posts: 227

I'm spending the week in Salt Lake City, UT at the Novell Brainshare conference.

For those of you not familar with Novell they were the king of network file servers in the 80's and early 90's. They became lazy and stupid and got their behinds kicked by Microsoft. They at one time had 75% of the market. Now it's 35% or less.

However, this is all changing with their acquisition of ximian and SuSE. The proprietary Netware platform is dead. They are moving all of their products to the Linux platform – including the creation of a new file system (NSS) instead of Riser and ext2. But that’s a separate topic that probably doesn’t affect anyone here. 

That got me thinking on how php-nuke authenticates and how it’s limited to the mysql database. Novell offers as part of their product is a virtual office program – it’s a quasi-cms/portal. It’s not GPL but it got me to thinking of the authentication module.

Has any consideration been made to have a pluggable authentication mechanism for php-portal? If a person decides to implement this in their business why can’t I authenticate against my directory via LDAP? Or if I’m setting this up as we setup php-nuke now then why can’t I choose to authenticate via a mysql db?

Thoughts?

Site Admin/Owner Joined: Aug 27, 2002 Posts: 17088

paranor wrote:

That got me thinking on how php-nuke authenticates and how it’s limited to the mysql database. Novell offers as part of their product is a virtual office program – it’s a quasi-cms/portal. It’s not GPL but it got me to thinking of the authentication module.

Has any consideration been made to have a pluggable authentication mechanism for php-portal? If a person decides to implement this in their business why can’t I authenticate against my directory via LDAP? Or if I’m setting this up as we setup php-nuke now then why can’t I choose to authenticate via a mysql db?

Thoughts?

Nuke is not limited to MySQL, at least by design. Using the sql layer it is supposed to be able to use other rdbms'. In practice it doesn't work well, if at all. So, by design - yes. Reality - no Sad

Yes, PHP-Portal is being designed to have a database layer that is intended to be independent of the system using it. It is intended to be a 'listening' layer that will accept plugins.

Posted: Wed Mar 24, 2004 1:47 pm

I'm curious what you mean by database layer. I may way to authenticate via ldap but store my discussion forum in the mysql file. Are we on the same page?

Posted: Wed Mar 24, 2004 1:56 pm

That's a different issue. Authentication in nuke, as an example, is based on the premise that all the tables, including the users table, is in the nuke database. Therefore, authentication must take place in the nuke 'context' or 'template'. It would be possible, of course, to have authentication take place from ldap and then once authenticated have a communication to the nuke table. In essence a 'connector'. Hmmm. Yet another object Laughing

I'll keep this one on the table for now.

Posted: Wed Mar 24, 2004 2:08 pm

Do you have a design yet on the authentication flow? (don't slap me - I know it's probably a big job to do this! lol)

Posted: Wed Mar 24, 2004 10:29 pm

Have you ever been involved with a directory system?

Posted: Wed Mar 24, 2004 10:33 pm

Sprint uses ldap and 2 years ago I had to write an interface for an application's web access, but I was using proprietary software so there wasn't much to it. On the other hand, PHP has a nice ldap interface.

Posted: Wed Mar 24, 2004 11:27 pm

This is such an exciting discussion! I'm not a programmer but would I be guessing correctly that nuke authentication would be pluggable and ldap? And that ldap would be another layer of security protecting the user and author tables?

Posted: Wed Mar 24, 2004 11:44 pm

I was thinking more of providing the *option* of having a flexible authentication mechanism so that it may possible open it for use in other organizations that embrace open source but don't want to mess with a separate user ID database. On my network we require apps to be able to authenticate via LDAP.