Hi all,
I'm using Catalyst::Authentication::Store::LDAP to authenticate users, but
now I need to allow some of them to single sign-on without a password, like:

    if ( $is_sso ) {
        # I trust this dude, so skip the check_password sub
        $c->authenticate({ id => $user });
    } else {
        # old fashioned
        $c->authenticate({ id => $user, password => $password });
    }

I'm looking at the authentication internals and it seems to be missing a
per-user flag to disable password checking. Only a global realm-based
password_type=>'none' exists. Am I correct?

On the other hand, switching realms to a passwordless LDAP where
password_type=>'none' either duplicates information senselessly, or is a little
bit messy since it needs a MyApp.pm startup config hack. But it seems like
the only doable option right now.

To make matters worse, LDAP::User::check_password also checks user roles
since it needs the password to bind to the LDAP server. That could make it
more difficult to implement a passwordless flag at any level on the
authenticate chain.

Any views on this?

posted Jul 27, '09 at 9:38a
active Jul 27, '09 at 10:51a
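
The two-realm setup the post describes, as an added example (not code from the original post or from the Catalyst project): one shared LDAP store definition reused by a password-checking realm and a password_type=>'none' realm, so the store settings are written only once. The host name, base DN, realm names and the login_user helper are assumptions; $is_sso, $user and $password are the post's variables.

```perl
package MyApp;
use Moose;
use namespace::autoclean;
use Catalyst::Runtime 5.80;
use Catalyst qw/Authentication/;
extends 'Catalyst';

# Constructed store settings, shared by both realms to avoid duplication.
my %ldap_store = (
    class       => 'LDAP',
    ldap_server => 'ldap.example.test',
    user_basedn => 'ou=people,dc=example,dc=test',
    user_field  => 'uid',
);

__PACKAGE__->config(
    'Plugin::Authentication' => {
        default_realm => 'ldap',
        realms        => {
            # Normal logins: the LDAP user object verifies the password itself.
            ldap => {
                credential => {
                    class          => 'Password',
                    password_field => 'password',
                    password_type  => 'self_check',
                },
                store => {%ldap_store},
            },
            # SSO logins: user lookup only, no password check. Any existing
            # LDAP id is accepted here, so nothing user-supplied may pick this realm.
            sso => {
                credential => { class => 'Password', password_type => 'none' },
                store      => {%ldap_store},
            },
        },
    },
);

# Hypothetical helper, callable as $c->login_user(...). Assumption: the caller
# sets $is_sso only after the SSO assertion has been verified server-side.
sub login_user {
    my ( $c, $user, $password, $is_sso ) = @_;
    return $is_sso
        ? $c->authenticate( { id => $user }, 'sso' )
        : $c->authenticate( { id => $user, password => $password }, 'ldap' );
}

__PACKAGE__->setup;
1;
```

Because the 'sso' realm never calls check_password, the role lookup that the post says happens inside LDAP::User::check_password does not run for users authenticated through it.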