FAQ
Hi all,
I'm using Catalyst::Authentication::Store::LDAP to authenticate users, but
now I need to allow some of them to single-signon without a password, like
this:

if( $is_sso ) {
    $c->authenticate({ id=> $user }); ## I trust this dude, so skip the check_password sub
} else {
    $c->authenticate({ id=> $user, password=>$password }); ## old fashioned
}

I'm looking at the authentication internals and it seems to be missing a
per-user flag to disable password checking. Only a global realm-based
password_type=>'none' exists. Am I correct?

On the other hand, switching realms to a passwordless LDAP where
password_type=>'none' either duplicates information senselessly, or is a little
bit messy since it needs a MyApp.pm startup config hack. But it seems like
the only doable option right now.

To make matters worse, LDAP::User::check_password also checks user roles
since it needs the password to bind to the ldap server. That could make it
more difficult to implement a passwordless flag at any level on the
authenticate chain.

Any views on this?

regards,
rodrigo

  • Andrew Rodland at Jul 27, 2009 at 10:51 am

    On Monday 27 July 2009 04:38:35 am Rodrigo wrote:
    > Hi all,
    > I'm using Catalyst::Authentication::Store::LDAP to authenticate users, but
    > now I need to allow some of them to single-signon without a password, like
    > this:
    > [...]
    > I'm looking at the authentication internals and it seems to be missing a
    > per-user flag to disable password checking. Only a global realm-based
    > password_type=>'none' exists. Am I correct?

    That's not auth in general, it's Credential::Password. You can write your own
    credential that implements your own policy and have it do whatever you like.

    > To make matters worse, LDAP::User::check_password also checks user roles
    > since it needs the password to bind to the ldap server. That could make it
    > more difficult to implement a passwordless flag at any level on the
    > authenticate chain.

    Store::LDAP has an option for whether or not to rebind as the given user when
    doing role searches. If it's off, and if your LDAP permissions are set
    appropriately, you shouldn't need the user's password at any phase.

    Andrew
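
A sketch of the custom credential suggested in the reply above, added here as an example; it is not code from the thread or from Catalyst itself. The class name is hypothetical, and it assumes the SSO identity reaches the application as REMOTE_USER set by the front-end web server, so that the passwordless decision is made inside the credential from server-side state rather than from a caller-supplied flag.

```perl
package MyApp::Authentication::Credential::PasswordOrSSO;  # hypothetical class name
use strict;
use warnings;

# Realm config (assumed layout):
#   credential => { class => '+MyApp::Authentication::Credential::PasswordOrSSO' }
# Catalyst::Plugin::Authentication calls new() once per realm.
sub new {
    my ( $class, $config, $app, $realm ) = @_;
    return bless {
        password_field => $config->{password_field} || 'password',
    }, $class;
}

# Called by $c->authenticate(\%authinfo); returns a user object or undef.
sub authenticate {
    my ( $self, $c, $realm, $authinfo ) = @_;

    # Keep the password out of the store lookup, as Credential::Password does.
    my %lookup   = %{$authinfo};
    my $password = delete $lookup{ $self->{password_field} };

    my $user = $realm->find_user( \%lookup, $c ) or return;

    # Passwordless path: trust only an identity asserted server-side.
    # Assumption: the front-end web server's SSO module sets REMOTE_USER.
    # Nothing in %$authinfo (which may derive from request parameters)
    # can switch the password check off.
    my $sso_id = $c->req->remote_user;
    if ( defined $sso_id && length $sso_id ) {
        return $user if defined $lookup{id} && $sso_id eq $lookup{id};
        $c->log->warn('SSO identity does not match requested id; denying');
        return;
    }

    # Password path: fail closed on a missing or empty password, since an
    # empty password can turn an LDAP simple bind into an anonymous bind.
    return unless defined $password && length $password;
    return $user->check_password($password) ? $user : undef;
}

1;
```

On the passwordless path no bind as the user takes place, so role lookups work only when the store is configured not to rebind as the user, as described in the reply.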
