[TYPO3-english] A way to authenticate Typo3-Users/Admins via SSH

Sebastian Schnur s.schnur at gsd-software.net
Wed Feb 18 14:48:12 CET 2009


Hello again :)

Well, I think it would be very complicated to create authentication over 
ssh and ldap. And yes, I just wanted to know if it's possible.

Thank you for the short tutorial, Steffen. I think the right extension 
might be http://typo3.org/extensions/repository/view/ldap_auth/current/ 
(ldap_auth). There's an existing LDAP. I'm always authenticating myself 
over LDAP.
I just want to authenticate users and their permissions. Nothing else. 
If it works, I only have to add an LDAP user to an existing 
Typo3-Configuration.

[QUOTE]I guess you are talking about letting your BE users authenticate on your 
server and gain SSH access?

Then I would let SSH use a pam_ldap mechanism and then use a LDAP 
extension for TYPO3 that lets you synchronize your user account in both 
directions. Because if you let them change their password from within 
TYPO3's backend, then they'll still have to use their "old" LDAP 
password if it is not synchronized back.[/QUOTE]



pam_ldap should be the right way, I think. I haven't found an extension 
that synchronizes user accounts yet.

The "MySQL-Way" which was described is the usual way. But I want to 
do something different, because I think it's easier to manage.

Have a nice day all!

Sebastian

Steffen Ritter wrote:
> Dmitry Dulepov schrieb:
>   
>> Hi!
>>
>> Sebastian Schnur wrote:
>>     
>>> is there any way to authenticate Typo3-Users and Admins via SSH? Maybe
>>> SSH and LDAP.
>>> I know, that the Users/Admins are stored in a MySQL-Table.
>>>       
>> How are you going to create your browser's cookie using ssh? :)
>>
>>     
> I think he meant an authservice communicating over ssh with ldap.
>
> Well this is possible... With restrictions I think.
> First thing is:
> Build an auth service querying your LOCAL! ldap for auth.
> Since Ldap might have all information the be_user table grants you will 
> have to state "dummy users" for each group you wanna provide.
> And then use your auth_service to merge the (configured) dummy-user to 
> the user information from ldap. You might even cache such created 
> records in a db table.
> There are already some ldap auth services:
> http://typo3.org/extensions/repository/?tx_terfe_pi1[view]=search&no_cache=1&tx_terfe_pi1[sword]=ldap
> Probably you might find what you are searching for, but I think it 
> would be easy to build up on this, if you have special needs.
>
> Second step would be "killing" the local ldap, building an stunnel for 
> ldap. So that your typo3 thinks it is communicating with local ldap, which is 
> - in behind - working over ssh-tunneling.
>
> So far
> hope that matches your task
>
> Steffen
> _______________________________________________
> TYPO3-english mailing list
> TYPO3-english at lists.netfielders.de
> http://lists.netfielders.de/cgi-bin/mailman/listinfo/typo3-english
>   

