[Typo3-dev] Authentication through "Security-Question/Answer"?
Christian Trabold
trabold at mehrwert.de
Fri Jul 29 18:07:40 CEST 2005
Hi!
> Well, I think you can do PAM authentication with some wrappers provided that
> all you need is a login/pwd pair for credentials.
>
> If you need a two step user interaction (user enters first part of
> credentials [username], server sends phrase, users enters second part
> [answer]) you need a custom login form extension. And I don't think this
> will fit well in the TYPO3 authentication layer as it expects this login/pwd
> pair. But perhaps you can fake it and do the real authentication in the
> plugin and have some token to be passed on a special authentication service
> that does no real authentication but just checks for this token.
Well, I tried it this way:
I chosed Roberts extension rlmp_extdbauth to authenticate on an external
db which works great. Thanks Robert!
Now I patched the class a bit for that Question/Answer-Authentication:
First I get the postVars from the form. Then I check theses against the
external database to get the original password - which works too.
Then I set
$this->login['uident'] = password I got from the previous query
$this->login['uname'] = original_name from form the user submitted
After that, the user should be authenticated as a regular user,
shouldn't he? But he does not :(
The fe_user-session is not build up, which is confusing me right now.
Are there any restrictions or naming conventions for the incomming
post-vars of the login form? Are there any other settings I have to
make? What is the clue here? Thanks for any hint!
Christian
More information about the TYPO3-dev
mailing list