[Typo3-dev] LDAP System Extensions II
Martin T. Kutschker
Martin.no5pam.Kutschker at blackbox.n0spam.net
Tue Dec 7 09:19:19 CET 2004
Daniel Thomas wrote:
> Hello together,
>
> - there is no interest for a new way of handling authentification in the
> TYPO3 framework in general
Still hoping to find time for that.
TYPO3 needs a new authentication.
What I think migh be needed is way to handle HTTP authenticatoins like
Basic Digest and NTLM. That means the authentication should have some
kind of hook for setting the header based on the session state.
BW, the service class makes (or used to make) two calls in the wrong
order. It has getUser() and then authUser(). This is wrong!
First it should try to find and authenticate the user and then it should
try to load his/her data. Think authentication via passwd and details in
an external db.
I know that it was done this way because it was convenient in the LDAP
case, but it's not correct.
Masi
More information about the TYPO3-dev
mailing list