[Catalyst] passwordless LDAP authentication
Rodrigo
rodrigolive at gmail.com
Mon Jul 27 09:38:35 GMT 2009
Hi all,
I'm using Catalyst::Authentication::Store::LDAP to authenticate users, but
now I need to allow some of them to single-signon without a password, like
this:
    if( $is_sso ) {
        $c->authenticate({ id => $user }); ## I trust this dude, so skip the check_password sub
    } else {
        $c->authenticate({ id => $user, password => $password }); ## old fashioned
    }
I'm looking at the authentication internals and it seems to be missing a
per-user flag to disable password checking. Only a global realm-based
password_type=>'none' exists. Am I correct?
On the other hand, switching realms to a passwordless LDAP where
password_type=>'none' either duplicates information senselessly, or is a little
bit messy since it needs a MyApp.pm startup config hack. But it seems like
the only doable option right now.
To make matters worse, LDAP::User::check_password also checks user roles
since it needs the password to bind to the LDAP server. That could make it
more difficult to implement a passwordless flag at any level on the
authenticate chain.
Any views on this?
regards,
rodrigo
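
The two-realm setup described in the message, as an added example (not code from the post or from the Catalyst project): both realms share one store hash so the LDAP settings are written once, and the caller selects the realm by name. The realm names `ldap` and `ldap_sso`, the server, the DNs and the bind password are placeholders, and the layout assumes the `realms` form of the `Plugin::Authentication` configuration.

```perl
package MyApp;
use strict;
use warnings;
use parent 'Catalyst';
use Catalyst qw/Authentication/;

# One store definition shared by both realms (all values are placeholders).
my %ldap_store = (
    class       => 'LDAP',
    ldap_server => 'ldap.example.com',
    binddn      => 'cn=catalyst,ou=services,dc=example,dc=com',
    bindpw      => 'CHANGE_ME',
    user_basedn => 'ou=people,dc=example,dc=com',
    user_field  => 'uid',
    user_filter => '(uid=%s)',
);

__PACKAGE__->config(
    'Plugin::Authentication' => {
        default_realm => 'ldap',
        realms        => {
            # Normal logins: the LDAP user object verifies the password itself.
            ldap => {
                credential => {
                    class          => 'Password',
                    password_field => 'password',
                    password_type  => 'self_check',
                },
                store => {%ldap_store},
            },
            # SSO logins: the user is only looked up in the directory;
            # check_password is never called in this realm.
            ldap_sso => {
                credential => { class => 'Password', password_type => 'none' },
                store      => {%ldap_store},
            },
        },
    },
);

__PACKAGE__->setup;

# In the login action, pass the realm name as the second argument:
#   $is_sso
#       ? $c->authenticate( { id => $user }, 'ldap_sso' )
#       : $c->authenticate( { id => $user, password => $password }, 'ldap' );
1;
```

The `ldap_sso` realm accepts any id found in the directory, so `$is_sso` has to be derived from an identity the application has already verified. Per the message, anything that `check_password` fills in, such as roles, is not populated on this path.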