On Thu, May 6, 2010 at 9:09 AM, Lane, Ryan <[email protected]> wrote: > There are a bunch of these web server authentication plugins that all mostly > suck. Web server authentication would be fairly easy to add to core, with a > minimal amount of change. The auto-auth code does nearly everything required > of web server authentication, except the things that extensions *really* > shouldn't be doing, like adding users to the database, and checking > sessions. > > Would anyone object if I add this support to core?
Core is where this stuff should be, IMO. And if any improvements to ExternalAuth would be handy, feel free to make them too! On Thu, May 6, 2010 at 9:43 AM, Chad <[email protected]> wrote: > I'd rather see an RFC written up with where we want to go with user > auth. I know your idzeas differ from Aryeh's work on the issue, so > I'd rather see all that stuff worked out before more code gets put in > core. > > Just my opinion though. I'm pretty sure the result of our discussion was we basically agree on everything important. :) It's just a matter of implementing it. Our discussion was mostly a matter of clarifying our different assumptions (typical web app auth vs. LDAP auth). Even if there were disagreement about how ExternalAuth should be extended to handle a greater variety of backends, that shouldn't block progress on adding new backends like HTTP auth that don't require extension of the basic model to work right. _______________________________________________ Wikitech-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikitech-l
