On Feb 28, 2:10 pm, "Patrick Lewis" <[EMAIL PROTECTED]> wrote: > On Feb 28, 5:14 am, "Ben Sizer" <[EMAIL PROTECTED]> wrote: > > > Surely there must be a way to log in a user without having to provide > > a password. Otherwise this is a restriction on many other types of > > authentication. > > > -- > > Ben Sizer > > What types of authentication are there that don't require a password > or secret of some type? It's an honest question; I'm not familiar with > any.
Well for starters, there might actually be a password, but it's handled remotely. eg. You may submit the username and password to some sort of trusted service on the local network, which can then grant or deny access. You may have existing code for doing this, and won't want to hack the identity provider or whatever it is to have to relay that password on (which I assume is possible, though I haven't checked). Or you might just grant access based on IP address, such as admin rights automatically granted to localhost. Or it could just be a low- security shared system, eg. an intranet wiki, where you just go by username and don't want to burden people with passwords. Maybe you don't store any important data that persists across visits, and instead just want to equate one 'user' with one extended visit to the site, but find it convenient to use identity to tie the data together across multiple HTTP requests, after an implicit login. Perhaps you're sharing a domain with a legacy PHP site, and while slowly migrating over to Turbogears, you want the cookie that your PHP login script sets to allow you to access restricted parts of your TG app. Or you might desire some sort of 'su' functionality where someone logged in as an administrator can log in as someone else instantly - for this you'd want to be able to just reassign the identity accordingly. Sure, many of these are somewhat uncommon, and I expect many or most can be hacked around with new identity providers, but I don't know how easily more than one such provider might co-exist within one app for example. I think it would be beneficial to expose a function that allows people with advanced authentication purposes to simply reassign the current user. -- Ben Sizer --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "TurboGears" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/turbogears?hl=en -~----------~----~----~----~------~----~------~--~---
