Hi all,<br>I'm using Catalyst::Authentication::Store::LDAP to authenticate users, but now I need to allow some of them to single-signon without a password, like this:<br><br>if( $is_sso ) {<br> $c->authenticate({ id=> $user }); ## I trust this dude, so skip the check_password sub<br>
} else {<br> $c->authenticate({ id=> $user, password=>$password ); ## old fashioned<br>}<br><br>I'm looking at the authentication internals and it seems to be missing a per-user flag to disable password checking. Only a global realm-based password_type=>'none' exists. Am I correct?<br>
<br>On the other hand, switching realms to a passwordless LDAP where password_type=>'none' either duplicates information sensesly, or is a little bit messy since it needs a MyApp.pm startup config hack. But it seems like the only doable option right now. <br>
<br>To make matters worse, LDAP::User::check_password also checks user roles since it needs the password to bind to the ldap server. That could make it more difficult to implement a passwordless flag at any level on the authenticate chain. <br>
<br>Any views on this?<br>
<br>regards, <br> rodrigo<br>