Re: [GNUe-dev] Some thoughts about authentication in gnue-common ...

[Johannes Vetter]

Hi,

> You are pretty much describing the mechanism currently in place:
> http://www.gnuenterprise.org/tools/common/docs/technotes/00005.txt

Great work, how could I've missed that ?! But as I see things an
Authenticator cannot always return the complete sequence of required
fields, because it is simply unknown what it will ask for. That was the
reason why I've described this process as a loop over an authenticate ()
method, which will stop if authentication is complete. The drawback of
this will be, that there might appear multiple dialogs (questions) [this
is compareable to the gdm login]. Of course there migth be
authenticators which know all their required fields (i.e. ldap,
nis, ...). Such an implementation can return all that fields with the
first call to authenticate (). 

IMHO we should distinguish beween 'authentication' and 'database-login',
where the former controls access to a given datasource, and the latter
will be used to create an actual connection. I think authentication
cannot provide the credentials used for later database-login, e.g. one
uses ldap authentication, but likes to have a single database-user (and
password); another one also uses ldap authentication, but wants to have
that authenticated username/password for database login too. So I think
we have to find an easy way of providing such credentials aside from
authentication at all.


Thanks,
Johannes



-- 
BYTEWISE Software GmbH               Tel +43 (5577) 89877-0
i.A. Johannes Vetter                 Fax +43 (5577) 89877-66
A-6890 Lustenau, Enga 2              http://www.bytewise.at
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Wir bieten Installation und Support für Ubuntu: ein auf
GNU/Linux basierendes Softwaresystem für Arbeitsplatzrechner

signature.asc
Description: This is a digitally signed message part