[TYPO3-english] A way to authenticate Typo3-Users/Admins via SSH
s.schnur at gsd-software.net
Wed Feb 18 14:48:12 CET 2009
Hello again :)
Well, I think it would be very complicated to create authentication over
ssh and ldap. And yes, I just wanted to know if it's possible.
Thank you for the short tutorial, Steffen. I think the right extension
might be http://typo3.org/extensions/repository/view/ldap_auth/current/
(ldap_auth). There's an existing LDAP. I'm always authenticating myself
I just want to authenticate users and their permissions. Nothing else.
If it works, I only have to add a LDAP user to an existing
[QUOTE]I guess you are talking about letting your BE users authenticate on your
server and gain SSH access?
Then I would let SSH use a pam_ldap mechanism and then use a LDAP
extension for TYPO3 that let's you synchronize your user account in both
direction. Because if you let them change their password from within
TYPO3's backend, then they'll still have to use their "old" LDAP
password if it is not synchronized back.[/QUOTE]
pam_ldap should be the right way I think. I haven't found an extension
that is synchronizing user-accounts, yet.
The "MySQL-Way" which was described, is the usually way. But I want to
do something different, cause I think it's easier to manage.
Have a nice day all!
Steffen Ritter wrote:
> Dmitry Dulepov schrieb:
>> Sebastian Schnur wrote:
>>> is there any way to authenticate Typo3-Users and Admins via SSH? Maybe
>>> SSH and LDAP.
>>> I know, that the Users/Admins are stored in a MySQL-Table.
>> How are you going to create your browser's cookie using ssh? :)
> I think he meant an authservice communicating over ssh with ldap.
> Well this is possible... With restrictions I think.
> First thing is:
> Build an auth service quering your LOCAL! ldap for auth.
> Since Ldap might have all information the be_user table grants you will
> have to state "dummy users" for each group you wanna provide.
> And then use your auth_service to merge the (configured) dummy-user to
> the user information from ldap. You might even cache such created
> records in a db table.
> There are already some ldap auth services:
> Probably you might find what your are searching for, but i think it
> would be easy to build up on this, if you have special needs.
> Second step would be, "killing" the local ldap, building an stunnel for
> ldap. So that your typo3 thinks communicating with local ldap, which is
> - in behind - working over ssh-tunneling.
> So far
> hope that matches your task
> TYPO3-english mailing list
> TYPO3-english at lists.netfielders.de
More information about the TYPO3-english