Hi,

I am currently processing RFE 1001973 and have extended OpenCA::AC
password authentication with an 'external' method.

It is quite simple, I get the path of an external command from
the configuration file. After the user has entered username and
password on the normal password login screen, OpenCA::AC sets
these values in the environment and calls the specified program.

Depending on the return value the access is granted for this user.

But I've got a problem understanding the semantics of the user's role.

In the "internal database" configuration each individual user is listed
in the configuration. Every user entry must have a single "role" entry
that is used in Access Control initialization.
If it is not set, the AC module complains with error 6293013 (see
getRole()).

However, if I use an external program for authentication, I do not
know which user(s) will log in, so I don't have an explicit Role
for the user that *will* log in now.

I thought it would be possible to have the external authentication
program print out the user role on STDOUT after successful authentication
and use this as the user role, but this is too late.

Any ideas about this? What semantics are expected on this role
mapping stuff?
Is the required role for each user on one single node (CA, RA, LDAP,
etc) always the same or can it differ between users?

Martin
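
The mechanism described in the message above (credentials placed in the environment, external program called, exit status decides access), as an added example that is not code from the original post or from OpenCA. The sub name `external_auth` and the variable names `AUTH_USER` and `AUTH_PASSWORD` are assumptions, and the helper script is a constructed stand-in for the configured program.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use POSIX ();
use File::Temp qw(tempfile);

# Returns 1 only if $command exits normally with status 0; every other
# outcome (bad input, fork/exec failure, non-zero exit, signal) denies.
sub external_auth {
    my ($command, $user, $password) = @_;
    return 0 unless defined $user && defined $password;
    return 0 if "$user$password" =~ /\0/;    # NUL cannot be stored in an env entry
    return 0 unless -f $command && -x _;

    my $pid = fork();
    return 0 unless defined $pid;            # fork failed: deny
    if ($pid == 0) {
        # Child: replace the inherited environment so the helper sees only
        # what it needs. AUTH_USER / AUTH_PASSWORD are assumed names.
        %ENV = (PATH => '/usr/bin:/bin',
                AUTH_USER => $user, AUTH_PASSWORD => $password);
        alarm 10;                            # timer survives exec; a hung helper is killed
        exec { $command } $command           # indirect-object form: never a shell
            or POSIX::_exit(127);            # exec failed: exit without flushing parent buffers
    }
    waitpid($pid, 0);
    return $? == 0 ? 1 : 0;                  # $? also carries the signal number, so a kill denies
}

# Constructed stand-in for the configured external program.
my ($fh, $helper) = tempfile(UNLINK => 1);
print {$fh} <<'SH';
#!/bin/sh
[ "$AUTH_USER" = "alice" ] && [ "$AUTH_PASSWORD" = "correct horse" ]
SH
close $fh;
chmod 0700, $helper;

printf "%-28s %s\n", $_->[0], external_auth($helper, @{$_}[1, 2]) ? 'granted' : 'denied'
    for ['valid credentials',    'alice',     'correct horse'],
        ['wrong password',       'alice',     'guess'],
        ['shell metacharacters', 'alice; id', 'x'];
```

On Linux the helper's environment can be read by the same user through `/proc/<pid>/environ` while it runs, so the helper should be short-lived and run under a dedicated account.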



