Add zarb MLs html archivesHEADmaster

1 files changed, 121 insertions, 0 deletions

diff --git a/zarb-ml/mageia-sysadm/2011-April/003332.html b/zarb-ml/mageia-sysadm/2011-April/003332.html
new file mode 100644
index 000000000..3f6aaa64b
--- /dev/null
+++ b/zarb-ml/mageia-sysadm/2011-April/003332.html
@@ -0,0 +1,121 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
+<HTML>
+ <HEAD>
+   <TITLE> [Mageia-sysadm] Users authentication on forums
+   </TITLE>
+   <LINK REL="Index" HREF="index.html" >
+   <LINK REL="made" HREF="mailto:mageia-sysadm%40mageia.org?Subject=Re%3A%20%5BMageia-sysadm%5D%20Users%20authentication%20on%20forums&In-Reply-To=%3C4DA32002.5050301%40iki.fi%3E">
+   <META NAME="robots" CONTENT="index,nofollow">
+   <META http-equiv="Content-Type" content="text/html; charset=us-ascii">
+   <LINK REL="Previous"  HREF="003331.html">
+   <LINK REL="Next"  HREF="003372.html">
+ </HEAD>
+ <BODY BGCOLOR="#ffffff">
+   <H1>[Mageia-sysadm] Users authentication on forums</H1>
+    <B>Thomas Backlund</B> 
+    <A HREF="mailto:mageia-sysadm%40mageia.org?Subject=Re%3A%20%5BMageia-sysadm%5D%20Users%20authentication%20on%20forums&In-Reply-To=%3C4DA32002.5050301%40iki.fi%3E"
+       TITLE="[Mageia-sysadm] Users authentication on forums">tmb at iki.fi
+       </A><BR>
+    <I>Mon Apr 11 17:36:34 CEST 2011</I>
+    <P><UL>
+        <LI>Previous message: <A HREF="003331.html">[Mageia-sysadm] Users authentication on forums
+</A></li>
+        <LI>Next message: <A HREF="003372.html">[Mageia-sysadm] Users authentication on forums
+</A></li>
+         <LI> <B>Messages sorted by:</B> 
+              <a href="date.html#3332">[ date ]</a>
+              <a href="thread.html#3332">[ thread ]</a>
+              <a href="subject.html#3332">[ subject ]</a>
+              <a href="author.html#3332">[ author ]</a>
+         </LI>
+       </UL>
+    <HR>  
+<!--beginarticle-->
+<PRE>nicolas vigier skrev 11.4.2011 15:39:
+&gt;<i> Hello,
+</I>&gt;<i>
+</I>&gt;<i> For authentication on the forums, we are currently using ldap. The user
+</I>&gt;<i> sends his login and passwords to phpbb which use it to authenticate on
+</I>&gt;<i> ldap server. Because of this, someone with root access on the forums
+</I>&gt;<i> server can access password of any user connecting to the forums. And
+</I>&gt;<i> because important passwords are transfered, the connection needs to be
+</I>&gt;<i> in SSL, so the *.mageia.org certificate also needs to be installed. So
+</I>&gt;<i> access to the server needs to be restricted to sysadmin team only, who
+</I>&gt;<i> also need to be able to check what is being done on forums, check it is
+</I>&gt;<i> secure, etc ... And I think this makes forums admins not happy.
+</I>&gt;<i>
+</I>&gt;<i> As we are using ldap for authentication only (not for groups or anything
+</I>&gt;<i> else), I think we could do authentication differently. Maybe we could
+</I>&gt;<i> setup a mageia OpenID server linked to the ldap server. Then on the
+</I>&gt;<i> forums use OpenID for authentication, when a user enter his login on
+</I>&gt;<i> the forums he is redirected to the mageia OpenID authentication page
+</I>&gt;<i> for the login entered. Then we can disable https on the forums, and
+</I>&gt;<i> forum admins can be root on the forums server. And passwords are better
+</I>&gt;<i> protected in case phpbb has a vulnerability.
+</I>&gt;<i>
+</I>
+One question...
+
+Why would forum admins need to be root ?
+
+Most things can be managed with specific user/group permissions on 
+needed files &amp; dirs. same goes for sql... just add db user with needed 
+permissions...
+
+
+&gt;<i> Sysadmin team would manage openid server. And forum team would manage
+</I>&gt;<i> forums server.
+</I>&gt;<i>
+</I>&gt;<i> I've seen this project for phpbb3 openid authentication (I didn't check
+</I>&gt;<i> if there are others) :
+</I>&gt;<i> <A HREF="http://sourceforge.net/projects/phpbb-openid/">http://sourceforge.net/projects/phpbb-openid/</A>
+</I>&gt;<i>
+</I>&gt;<i> Login form looks like this :
+</I>&gt;<i> <A HREF="http://sourceforge.net/dbimage.php?id=91989">http://sourceforge.net/dbimage.php?id=91989</A>
+</I>&gt;<i> We would need to modify it to remove Username/Password. Replace &quot;OpenID&quot;
+</I>&gt;<i> with &quot;Mageia login&quot; and automatically use Mageia OpenID server with the
+</I>&gt;<i> login entered. So that each account on the forum is still linked to a
+</I>&gt;<i> Mageia account.
+</I>&gt;<i>
+</I>&gt;<i> What do you think ?
+</I>&gt;<i>
+</I>&gt;<i> _______________________________________________
+</I>&gt;<i> Mageia-sysadm mailing list
+</I>&gt;<i> <A HREF="https://www.mageia.org/mailman/listinfo/mageia-sysadm">Mageia-sysadm at mageia.org</A>
+</I>&gt;<i> <A HREF="https://www.mageia.org/mailman/listinfo/mageia-sysadm">https://www.mageia.org/mailman/listinfo/mageia-sysadm</A>
+</I>&gt;<i> .
+</I>&gt;<i>
+</I>
+</PRE>
+
+
+
+
+
+
+
+
+
+
+
+
+<!--endarticle-->
+    <HR>
+    <P><UL>
+        <!--threads-->
+	<LI>Previous message: <A HREF="003331.html">[Mageia-sysadm] Users authentication on forums
+</A></li>
+	<LI>Next message: <A HREF="003372.html">[Mageia-sysadm] Users authentication on forums
+</A></li>
+         <LI> <B>Messages sorted by:</B> 
+              <a href="date.html#3332">[ date ]</a>
+              <a href="thread.html#3332">[ thread ]</a>
+              <a href="subject.html#3332">[ subject ]</a>
+              <a href="author.html#3332">[ author ]</a>
+         </LI>
+       </UL>
+
+<hr>
+<a href="https://www.mageia.org/mailman/listinfo/mageia-sysadm">More information about the Mageia-sysadm
+mailing list</a><br>
+</body></html>