
Re: [phpGroupWare-developers] sso and mapping


From: Dave Hall
Subject: Re: [phpGroupWare-developers] sso and mapping
Date: Mon, 30 Oct 2006 00:01:37 +1100

Hi Sigurd,

This isn't my code, but I understand how some of it works.

On Sun, 2006-10-29 at 13:46 +0100, Sigurd Nes wrote:

> 2) in login.php around line 48 - the password is set to the account_lid
> fetched from the mapping before creating session - is this working?
> (seems like the password is not authenticated in
> class.auth_remoteuser.inc.php - as long as there is a valid mapping of
> the remote user - you're in)

$_SERVER['REMOTE_USER'] is set by Apache when a user has been
authenticated using one of the Apache authentication modules, such as
mod_auth_sso, mod_auth_ldap or mod_auth_krb5 etc.

That is why we just check to see if the value is set and contains a
non-empty string.  We are never given the password, so it can't be
validated; that is done by Apache (some Apache auth modules don't use
passwords).  We also have no way of knowing if the value Apache provides
is forged, so we have to rely on the security of the Apache module code.

I hope this helps to clarify it.

Cheers

Dave
-- 
Dave Hall (aka skwashd)
API Coordinator
phpGroupWare
e address@hidden
w phpgroupware.org
j address@hidden
sip address@hidden
       _            ____                    __        __             
 _ __ | |__  _ __  / ___|_ __ ___  _   _ _ _\ \      / /_ _ _ __ ___ 
| '_ \| '_ \| '_ \| |  _| '__/ _ \| | | | '_ \ \ /\ / / _` | '__/ _ \
| |_) | | | | |_) | |_| | | | (_) | |_| | |_) \ V  V / (_| | | |  __/
| .__/|_| |_| .__/ \____|_|  \___/ \__,_| .__/ \_/\_/ \__,_|_|  \___|
|_|         |_|                         |_|Web based collaboration platform
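
The check described in the message above, sketched as an added example; it is not part of the original post and not phpGroupWare's code. The function name `resolve_remote_user()`, the `$mapping` array and the sample values are hypothetical, and the `AUTH_TYPE` test assumes the deployment's Apache auth module sets that variable.

```php
<?php
// Added illustration only. resolve_remote_user() and $mapping are
// hypothetical names, not taken from login.php or class.auth_remoteuser.inc.php.

/**
 * Return the mapped account_lid for the user Apache authenticated,
 * or null when no session should be created.
 */
function resolve_remote_user(array $server, array $mapping): ?string
{
    // Only REMOTE_USER is consulted. A client-sent "Remote-User:" request
    // header arrives as HTTP_REMOTE_USER and is deliberately ignored.
    $remote = $server['REMOTE_USER'] ?? '';
    if (!is_string($remote) || trim($remote) === '') {
        return null; // no Apache module authenticated this request
    }

    // Assumption: the auth module in use also sets AUTH_TYPE. If it is
    // missing, REMOTE_USER did not come from an Apache auth phase.
    if (empty($server['AUTH_TYPE'])) {
        return null;
    }

    // No password exists to verify here; the only remaining gate is an
    // exact match in the remote-user => account_lid mapping.
    return array_key_exists($remote, $mapping) ? $mapping[$remote] : null;
}

// Constructed sample data for the demonstration.
$mapping = ['alice@EXAMPLE.ORG' => 'alice'];
$cases = [
    'authenticated by Apache' => ['REMOTE_USER' => 'alice@EXAMPLE.ORG', 'AUTH_TYPE' => 'Negotiate'],
    'no auth module ran'      => [],
    'empty REMOTE_USER'       => ['REMOTE_USER' => '', 'AUTH_TYPE' => 'Basic'],
    'client header only'      => ['HTTP_REMOTE_USER' => 'alice@EXAMPLE.ORG'],
    'REMOTE_USER, no AUTH_TYPE' => ['REMOTE_USER' => 'alice@EXAMPLE.ORG'],
    'valid user, no mapping'  => ['REMOTE_USER' => 'bob@EXAMPLE.ORG', 'AUTH_TYPE' => 'Basic'],
];

foreach ($cases as $label => $server) {
    $lid = resolve_remote_user($server, $mapping);
    printf("%-26s => %s\n", $label, $lid === null ? 'denied' : "session for $lid");
}
```

Only the first case yields a session; every other request is denied before any account lookup succeeds.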





