- To: slug@xxxxxxxxxxx
- Subject: Fwd: [SLUG] drupal distributed authentication
- From: James Polley <zhasper@xxxxxxxxx>
- Date: Tue, 5 Jul 2005 14:05:48 +1000
- Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:reply-to:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=QSaEqsy8yDoHMgAenyqO/Ft3Vnr5C6osIwudeFRBMkdgjnvlfcztYaXbP12/1PZeLezQ1C6E4TN8NX0EITjwU4zEMFzQB3jlINSWQgDWmgrh1G6IehapmfpghunGE3UtTFGFdDWLaLhRQ5Y77C5erNWaqfGEKqsipKvi6MhjMbU=
- Reply-to: James Polley <zhasper@xxxxxxxxx>
note to self: must reply-all when you want to go to the list
---------- Forwarded message ----------
From: James Polley <zhasper@xxxxxxxxx>
Date: Jul 5, 2005 9:52 AM
Subject: Re: [SLUG] drupal distributed authentication
To: Conrad Parker <conrad@xxxxxxxxxxxxx>
I'm running drupal on my own personal site. So, I can't answer your
first question..
I'm not going to comment on "resemblence between a security model and
Drupal's distributed authentication" either, because I don't have the
time..
I can answer the other questions very simply though:
* The code, as provided, either allows auth from any site, or from
none. You could change this of course, the code is open...
* No, there's nothing other than relaying of plaintext passwords.
If your interested in distributed authentication, http://openid.net
looks like the best proposal I've seen so far... there's no drupal
module just yet though. Actually, there's no *anything* module just
yet, aside from a few test sites and Livejournal..
Incidentally, drupal.org is definitely up - and a new release to
address the issues in xml-rpc can be found at
http://drupal.org/drupal-4.6.2
Guess I'll be updating tonight *sigh*
On 7/4/05, Conrad Parker <conrad@xxxxxxxxxxxxx> wrote:
> Dear Dr. Slug,
> So, I'm after two bits of advice from anyone who's administered Drupal,
> or who can convincingly impersonate a Drupal administrator:
>
> 1) Do you hate Drupal? Have you used it extensively and then switched
> away from it? why?
>
> 2) How hard, or not, do you have to squint to see a resemblence between
> a security model and Drupal's distributed authentication? For example, can
> I choose not to accept authentication from certain sites? and is there
> anything other than a distributed relaying of plaintext passwords?
>
> cheers,
>
> Conrad.
> --
> SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
> Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
>
--
There is nothing more worthy of contempt than a man who quote himself
in his email footer - Zhasper, 2005
--
There is nothing more worthy of contempt than a man who quote himself
in his email footer - Zhasper, 2005
SLUG Mailing List Archives