[Typo3-dev] Authentication through "Security-Question/Answer"?
Martin Kutschker
martin.kutschker at no5pam.blackbox.net
Wed Jul 27 13:03:55 CEST 2005
"Sacha Ligthert" <sacha at ligthert.net> schrieb im Newsbeitrag
news:mailman.1012.1122453139.20617.typo3-dev at lists.netfielders.de...
> Martin Kutschker wrote:
>
>>And can you explain why a login/pwd pair is not enough? Three tokens to
>>remember (ok everybody should know his surname) seems to be quite a
>>hassle.
>>
>
> Because three tokens are desired in this case. And judging by what I have
> seen so far, I will not be suprised if people desire more sophisticated
> auth in the near future (Think of LDAP (supported),S/Key,
> Kerberos,PAM,stream of cypherstuff flowing from RSA,etc.).
Well, I think you can do PAM authentication with some wrappers provided that
all you need is a login/pwd pair for credentials.
If you need a two step user interaction (user enters first part of
credentials [username], server sends phrase, users enters second part
[answer]) you need a custom login form extension. And I don't think this
will fit well in the TYPO3 authentication layer as it expects this login/pwd
pair. But perhaps you can fake it and do the real authentication in the
plugin and have some token to be passed on a special authentication service
that does no real authentication but just checks for this token.
Masi
More information about the TYPO3-dev
mailing list