Questions Re: New Authentication Module

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

Questions Re: New Authentication Module

A. Karl Kornel
Hello to all!

   I hope the experienced Bugzilla users & developers wouldn't mind
taking a look at some quick (well, not so quick) questions!

   I'm thinking about writing a new authentication module.  In the
environment where this module would be used, local users have email
addresses in the form [hidden email] (obviously not blah.com).  For
people who try to log in using [hidden email], my module would
extract the username, look up the username through NIS, and match the
user-provided password to the NIS-provided password.

   I was originally thinking of doing something like the LDAP module,
where you don't have to register for an account, the details are added
to bugzilla automatically as needed when you first log in.  However,
from what I can tell doing the same thing as the LDAP module would not
allow outside users to create new accounts themselves (they'd have to
get an admin to do it).  Is this correct?

   What I would do is allow the user to register as normal, with a note
that all users in the blah.com domain should use their blah.com e-mail
address during registration.  At all login prompts, I would include a
notice telling all users using a blah.com e-mail address to log in using
said e-mail address and their blah.com password, NOT the
randomly-generated password created when they first registered.  That
way, non-blah.com users can register and log in as normal.

   Of course, it seems there may be one additional problem.  From what I
have seen, Bugzilla does not fall back to alternate authentication
methods, so if I write this I'll have to include calls to DB.pm to
handle the non-blah.com users.  Is this correct?

   If I do this, I'll need to add the module to the list of possible
authentication methods that appears in editparams.cgi.  It looks like
I'll have to update check_loginmethod() and @param_list in
editparams.pl.  Is there any other area I'll need to edit?

   I think that's everything at this point.  Of course, any other
comments/questions are welcome.  I'd also love to know if anyone has
attempted/done this before.  Thanks!
--
=============================
|   Alfred Karl Kornel
|   -- [hidden email]
|   Member- Europa Research Group
|   UNIX / RESOLVE Consultant
=============================

----== Posted via Newsfeeds.Com - Unlimited-Uncensored-Secure Usenet News==----
http://www.newsfeeds.com The #1 Newsgroup Service in the World! 120,000+ Newsgroups
----= East and West-Coast Server Farms - Total Privacy via Encryption =----
_______________________________________________
mozilla-webtools mailing list
[hidden email]
http://mail.mozilla.org/listinfo/mozilla-webtools
Reply | Threaded
Open this post in threaded view
|

Re: Questions Re: New Authentication Module

Max Kanat-Alexander
On Sun, 2005-06-05 at 20:14 -0400, A. Karl Kornel wrote:
> However,
> from what I can tell doing the same thing as the LDAP module would not
> allow outside users to create new accounts themselves (they'd have to
> get an admin to do it).  Is this correct?

        In 2.18, that's true. In 2.19.2+, you can "stack" authentication
modules on top of each other, so somebody can fall-back to the normal DB
if LDAP doesn't authenticate them.

> At all login prompts, I would include a
> notice telling all users using a blah.com e-mail address to log in using
> said e-mail address and their blah.com password, NOT the
> randomly-generated password created when they first registered.

        They won't get a randomly-generated password, if they log in through
something LDAP-like. Their account is just immediately created when they
log in successfully.

>    Of course, it seems there may be one additional problem.  From what I
> have seen, Bugzilla does not fall back to alternate authentication
> methods, so if I write this I'll have to include calls to DB.pm to
> handle the non-blah.com users.  Is this correct?

        Yes, for 2.18. 2.19.2+ handles the situation already, I believe.

        -Max
--
http://www.everythingsolved.com/
Everything Solved: Experts at Bugzilla... and everything else, too.

_______________________________________________
mozilla-webtools mailing list
[hidden email]
http://mail.mozilla.org/listinfo/mozilla-webtools
Reply | Threaded
Open this post in threaded view
|

Re: Questions Re: New Authentication Module

A. Karl Kornel
In reply to this post by A. Karl Kornel
In article <[hidden email]>,
 Max Kanat-Alexander <[hidden email]> wrote:

> On Sun, 2005-06-05 at 20:14 -0400, A. Karl Kornel wrote:
> > However,
> > from what I can tell doing the same thing as the LDAP module would not
> > allow outside users to create new accounts themselves (they'd have to
> > get an admin to do it).  Is this correct?
>
>         In 2.18, that's true. In 2.19.2+, you can "stack" authentication
> modules on top of each other, so somebody can fall-back to the normal DB
> if LDAP doesn't authenticate them.
>

   Thanks for the info!  Given that, I'll wait till 2.20 is released
before I try anything.  Thanks again!
--
=============================
|   Alfred Karl Kornel
|   -- [hidden email]
|   Member- Europa Research Group
|   UNIX / RESOLVE Consultant
=============================

----== Posted via Newsfeeds.Com - Unlimited-Uncensored-Secure Usenet News==----
http://www.newsfeeds.com The #1 Newsgroup Service in the World! 120,000+ Newsgroups
----= East and West-Coast Server Farms - Total Privacy via Encryption =----
_______________________________________________
mozilla-webtools mailing list
[hidden email]
http://mail.mozilla.org/listinfo/mozilla-webtools