[Typo3-dev] Authentication through "Security-Question/Answer"?

[Martin Kutschker]

Christian Trabold schrieb:
> Hi!
> 
>> Well, I think you can do PAM authentication with some wrappers 
>> provided that all you need is a login/pwd pair for credentials.
>>
>> If you need a two step user interaction (user enters first part of 
>> credentials [username], server sends phrase, users enters second part 
>> [answer]) you need a custom login form extension. And I don't think 
>> this will fit well in the TYPO3 authentication layer as it expects 
>> this login/pwd pair. But perhaps you can fake it and do the real 
>> authentication in the plugin and have some token to be passed on a 
>> special authentication service that does no real authentication but 
>> just checks for this token.
> 
> 
> Well, I tried it this way:
> 
> I chosed Roberts extension rlmp_extdbauth to authenticate on an external 
> db which works great. Thanks Robert!
> 
> Now I patched the class a bit for that Question/Answer-Authentication:
> 
> First I get the postVars from the form. Then I check theses against the 
> external database to get the original password - which works too.
> 
> Then I set
> 
> $this->login['uident'] = password I got from the previous query
> $this->login['uname'] = original_name from form the user submitted
> 
> After that, the user should be authenticated as a regular user, 
> shouldn't he? But he does not :(

What object is $this?

Could you describe the process in detail. This is how I understand it:

* display 1st form (username)
* check username
* display 2nd form (passphrase)
* check passphrase

These steps should be done in your plugin.

Now you must post login data in the form field "user" and "pass" to 
invoke the TYPO3 authentication. Best would be to use these field names 
for the second form.

The evalution of the form values would then be in your authentication 
service and not in the plugin. Otherwise no user session will be 
created. I think it's this what you are experiencing.

Masi