On Thu, 7 Aug 2008, Maximillian Dornseif wrote:
> I'm trying to use Laconica company-internal.

That sounds neat!

> Our setup is not really internal. It is on a public IP to allow
> home-office workers, road-warriors and mobile phone geeks to access the
> installation.

Great!

> So how to keep strangers out? We usually slap Apache based
> HTTP-Authentication on things which use a central LDAP server to check
> credentials. This works to a certain degree, but has two issues:
>
> 1)
> The /api/* resources do their own HTTP authentication. And double HTTP
> Authentication does not work very well. I can't remove the HTTP
> Authentication in actions/api.php since it is not only used for
> authentication purposes but also for identification of the desired
> resource: e.g. api/account/update_location chooses the user which needs
> updating based on the HTTP-user.
>
> This could be solved by telling Apache to do NO auth via LDAP for URLs
> starting with ^/api/ but so far I wasn't able to implement this with my
> mod_auth/mod_rewrite/mod_php interaction mojo.

What did you try?

> 2)
> We now have double authentication: a user logs in via HTTP-Auth and then
> has to log in again via a web form and a session cookie. I'm looking into
> ways to avoid that. One way would be to check if PHP_AUTH_USER is set
> and if so save that during manual login in the database. Next time we
> see a non logged in session and a PHP_AUTH_USER we can check if that
> PHP_AUTH_USER is already known and automatically log the user in
> (password is already checked by Apache via LDAP). This could probably
> be done by adding a column to the user table and adding some code to
> index.php to log users without a session and valid http credentials in.

Trusting HTTP-Auth seems like a great idea to me. Evan, if md submits a
patch, would you accept it?

You'd have to think about the OpenID case in a patch for the real
laconi.ca, I imagine, but that's not too hard. Just write up a note
indicating why what you did doesn't break that.
-- Asheesh.
--
"If Jesus came back today, and saw what was going on in his name, he'd never
stop throwing up."
-- Max Von Sydow's character in "Hannah and Her Sisters"
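
The auto-login check proposed in point 2 of the quoted mail, as an added example (not part of the original thread and not Laconica code). The function name, the lookup callable standing in for the proposed user-table column, and the sample requests are assumptions; it assumes Apache uses Basic auth backed by LDAP and that /api/* is exempted from it as point 1 suggests.

```php
<?php
// Added example: names here are hypothetical, not Laconica's own code.

/**
 * Decide whether a request without a session may be logged in automatically.
 * $server is the $_SERVER array; $lookup maps an HTTP user name to a local
 * user id and stands in for the extra user-table column proposed above.
 * Returns the local user id, or null to fall back to the web login form.
 */
function http_auth_autologin(array $server, callable $lookup): ?int
{
    // Drop the query string; only the path decides whether the URL is exempt.
    $path = explode('?', $server['REQUEST_URI'] ?? '', 2)[0];

    // Assumption: /api/* is exempt from Apache's LDAP check (point 1), so
    // credentials seen on those URLs were never verified by Apache.
    // This is defence in depth; the REMOTE_USER check below is the main gate.
    if (preg_match('#^/+api(/|$)#i', $path)) {
        return null;
    }
    // Apache exports REMOTE_USER and AUTH_TYPE only after its own check
    // passed. Under mod_php, PHP_AUTH_USER is parsed from the client's
    // Authorization header, so it is not proof of a verified login.
    $user = $server['REMOTE_USER'] ?? '';
    if ($user === '' || strcasecmp($server['AUTH_TYPE'] ?? '', 'Basic') !== 0) {
        return null;
    }
    // Only names recorded during an earlier manual login map to an account.
    return $lookup($user);
}

// Constructed sample data: one HTTP user already linked to local user 7.
$linked = ['alice' => 7];
$lookup = fn(string $u): ?int => $linked[$u] ?? null;

$cases = [
    'verified by Apache' => ['REQUEST_URI' => '/timeline?page=2',
        'REMOTE_USER' => 'alice', 'AUTH_TYPE' => 'Basic'],
    'header only, not verified' => ['REQUEST_URI' => '/timeline',
        'PHP_AUTH_USER' => 'alice'],
    'exempt API path' => ['REQUEST_URI' => '/api/account/update_location',
        'REMOTE_USER' => 'alice', 'AUTH_TYPE' => 'Basic'],
    'verified but never linked' => ['REQUEST_URI' => '/',
        'REMOTE_USER' => 'bob', 'AUTH_TYPE' => 'Basic'],
];
foreach ($cases as $label => $server) {
    $id = http_auth_autologin($server, $lookup);
    printf("%-27s => %s\n", $label, $id === null ? 'login form' : "user $id");
}
```

Only the first constructed request is logged in automatically; the other three fall back to the login form.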