<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<TITLE> [Mageia-sysadm] Users authentication on forums
</TITLE>
<LINK REL="Index" HREF="index.html" >
<LINK REL="made" HREF="mailto:mageia-sysadm%40mageia.org?Subject=Re%3A%20%5BMageia-sysadm%5D%20Users%20authentication%20on%20forums&In-Reply-To=%3C20110411123920.GX21938%40mars-attacks.org%3E">
<META NAME="robots" CONTENT="index,nofollow">
<META http-equiv="Content-Type" content="text/html; charset=us-ascii">
<LINK REL="Previous" HREF="003335.html">
<LINK REL="Next" HREF="003330.html">
</HEAD>
<BODY BGCOLOR="#ffffff">
<H1>[Mageia-sysadm] Users authentication on forums</H1>
<B>nicolas vigier</B>
<A HREF="mailto:mageia-sysadm%40mageia.org?Subject=Re%3A%20%5BMageia-sysadm%5D%20Users%20authentication%20on%20forums&In-Reply-To=%3C20110411123920.GX21938%40mars-attacks.org%3E"
TITLE="[Mageia-sysadm] Users authentication on forums">boklm at mars-attacks.org
</A><BR>
<I>Mon Apr 11 14:39:20 CEST 2011</I>
<P><UL>
<LI>Previous message: <A HREF="003335.html">[Mageia-sysadm] multiple builds on each nodes
</A></li>
<LI>Next message: <A HREF="003330.html">[Mageia-sysadm] Users authentication on forums
</A></li>
<LI> <B>Messages sorted by:</B>
<a href="date.html#3328">[ date ]</a>
<a href="thread.html#3328">[ thread ]</a>
<a href="subject.html#3328">[ subject ]</a>
<a href="author.html#3328">[ author ]</a>
</LI>
</UL>
<HR>
<!--beginarticle-->
<PRE>Hello,

For authentication on the forums, we are currently using ldap. The user
sends his login and password to phpbb which uses it to authenticate on
ldap server. Because of this, someone with root access on the forums
server can access password of any user connecting to the forums. And
because important passwords are transferred, the connection needs to be
in SSL, so the *.mageia.org certificate also needs to be installed. So
access to the server needs to be restricted to sysadmin team only, who
also need to be able to check what is being done on forums, check it is
secure, etc ... And I think this makes forums admins not happy.

As we are using ldap for authentication only (not for groups or anything
else), I think we could do authentication differently. Maybe we could
set up a mageia OpenID server linked to the ldap server. Then on the
forums use OpenID for authentication, when a user enters his login on
the forums he is redirected to the mageia OpenID authentication page
for the login entered. Then we can disable https on the forums, and
forum admins can be root on the forums server. And passwords are better
protected in case phpbb has a vulnerability.

Sysadmin team would manage openid server. And forum team would manage
forums server.

I've seen this project for phpbb3 openid authentication (I didn't check
if there are others) :
<A HREF="http://sourceforge.net/projects/phpbb-openid/">http://sourceforge.net/projects/phpbb-openid/</A>

Login form looks like this :
<A HREF="http://sourceforge.net/dbimage.php?id=91989">http://sourceforge.net/dbimage.php?id=91989</A>

We would need to modify it to remove Username/Password. Replace "OpenID"
with "Mageia login" and automatically use Mageia OpenID server with the
login entered. So that each account on the forum is still linked to a
Mageia account.

What do you think ?
</PRE>
<!--endarticle-->
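<P>Added example, not part of the original message and not Mageia or phpbb-openid code: the checks a forum pinned to a single OpenID 2.0 provider would apply once the login typed by the user is mapped to an identifier. The provider URLs and the login pattern are placeholder assumptions, and signature and nonce verification are assumed to be done by an OpenID library beforehand.
<PRE>
```python
import re

# Assumptions (not from the original message): placeholder provider URLs and
# a conservative login pattern. The real Mageia values are not given there.
OP_ENDPOINT = "https://id.example.org/openid/server"
IDENTITY_BASE = "https://id.example.org/openid/user/"
LOGIN_RE = re.compile(r"[a-z][a-z0-9_.-]{0,31}")

# Fields the OpenID 2.0 "openid.signed" list must cover in a positive assertion.
REQUIRED_SIGNED = {"op_endpoint", "return_to", "response_nonce",
                   "assoc_handle", "claimed_id", "identity"}


class LoginRejected(Exception):
    """Raised when a login name or an assertion fails a check."""


def identifier_for(login):
    """Map the login typed on the forum to an identifier on the pinned server.

    The user supplies a login, never a URL, so the forum cannot be steered
    to a provider other than the one the sysadmin team runs.
    """
    if not LOGIN_RE.fullmatch(login):
        raise LoginRejected("invalid login name")
    return IDENTITY_BASE + login


def check_assertion(login, params):
    """Validate a positive assertion for the login that started the request.

    Runs after the library has verified openid.sig and the response nonce.
    Returns the login so the forum account stays tied to that account.
    """
    expected = identifier_for(login)
    if params.get("openid.mode") != "id_res":
        raise LoginRejected("not a positive assertion")
    if params.get("openid.op_endpoint") != OP_ENDPOINT:
        raise LoginRejected("assertion from an unexpected provider")
    for field in ("openid.claimed_id", "openid.identity"):
        if params.get(field) != expected:
            raise LoginRejected(field + " does not match the login entered")
    signed = set(params.get("openid.signed", "").split(","))
    missing = REQUIRED_SIGNED - signed
    if missing:
        raise LoginRejected("unsigned fields: " + ", ".join(sorted(missing)))
    return login
```
</PRE>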
<HR>
<hr>
<a href="https://www.mageia.org/mailman/listinfo/mageia-sysadm">More information about the Mageia-sysadm
mailing list</a><br>
</body></html>