[Typo3-dev] Authentication through "Security-Question/Answer"?

Christian Trabold trabold at mehrwert.de
Fri Jul 29 18:07:40 CEST 2005


Hi!

> Well, I think you can do PAM authentication with some wrappers provided that 
> all you need is a login/pwd pair for credentials.
> 
> If you need a two step user interaction (user enters first part of 
> credentials [username], server sends phrase, user enters second part 
> [answer]) you need a custom login form extension. And I don't think this 
> will fit well in the TYPO3 authentication layer as it expects this login/pwd 
> pair. But perhaps you can fake it and do the real authentication in the 
> plugin and have some token to be passed on a special authentication service 
> that does no real authentication but just checks for this token.

Well, I tried it this way:

I chose Robert's extension rlmp_extdbauth to authenticate on an external 
db which works great. Thanks Robert!

Now I patched the class a bit for that Question/Answer-Authentication:

First I get the postVars from the form. Then I check these against the 
external database to get the original password - which works too.

Then I set

$this->login['uident'] = password I got from the previous query
$this->login['uname'] = original_name from form the user submitted

After that, the user should be authenticated as a regular user, 
shouldn't he? But he is not :(

The fe_user-session is not built up, which is confusing me right now.

Are there any restrictions or naming conventions for the incoming 
post-vars of the login form? Are there any other settings I have to 
make? What is the clue here? Thanks for any hint!


Christian
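
The token hand-off suggested in the quoted reply (the plugin checks the answer, the authentication service only checks a token), as an added example that is not part of the original message and is not TYPO3 code. The function names, the token layout and the in-memory nonce store are assumptions made for illustration.

```php
<?php
// Added example, not TYPO3 code; every name here is hypothetical.
// Assumption: $secret is a random server-side key known only to the login
// plugin and the authentication service.

function issueLoginToken(string $username, string $secret, int $ttl = 60): string
{
    // Bind the token to one user, a short lifetime and a random nonce.
    $body = base64_encode(json_encode([
        'u' => $username,
        'exp' => time() + $ttl,
        'n' => bin2hex(random_bytes(16)),
    ]));
    return $body . '.' . hash_hmac('sha256', $body, $secret);
}

function verifyLoginToken(string $token, string $username, string $secret, array &$usedNonces): bool
{
    $parts = explode('.', $token);
    if (count($parts) !== 2) {
        return false;
    }
    [$body, $mac] = $parts;
    // Check the MAC in constant time before decoding anything.
    if (!hash_equals(hash_hmac('sha256', $body, $secret), $mac)) {
        return false;
    }
    $c = json_decode((string) base64_decode($body, true), true);
    if (!is_array($c) || !is_string($c['u'] ?? null)
        || !is_int($c['exp'] ?? null) || !is_string($c['n'] ?? null)) {
        return false;
    }
    // Token must belong to the submitted user, be unexpired and unused.
    if ($c['u'] !== $username || $c['exp'] < time() || isset($usedNonces[$c['n']])) {
        return false;
    }
    $usedNonces[$c['n']] = $c['exp']; // assumption: a persistent store in real use
    return true;
}

// Constructed demo values.
$secret = 'constructed-demo-key';
$used = [];
$token = issueLoginToken('alice', $secret);
var_dump(verifyLoginToken($token, 'alice', $secret, $used)); // first use
var_dump(verifyLoginToken($token, 'alice', $secret, $used)); // replay
var_dump(verifyLoginToken($token, 'bob', $secret, $used));   // other user
```

With this hand-off the authentication service only ever sees the token, so it does not need the user's password from the external database.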
