[TYPO3-project-4-3] Making RSA Auth default login method?
Michael Stucki
michael at typo3.org
Wed May 6 11:30:21 CEST 2009
Hi Dmitry,
>> That's all. Any value that changes that setting will be loaded
>> after this file and thus overrides successfully.
>
> This should be in the rsaauth extension, not anywhere else. Rsaauth
> should be the only one who contains all logic and all checks.
> Otherwise we will get a second "workspaces" thing that is all over
> the system and no one knows where it is exactly :) I really want
> TYPO3 to be modular, each module 100% responsible for its functions.
I absolutely agree with you. And I think it should be possible to do so:

EXT:rsaauth/ext_localconf.php:

    if (!$EXTCONF['notTryToSetAsDefault']) {
        if ($openssl_is_active) {
            $TYPO3_CONF_VARS['BE']['loginSecurityLevel'] = 'rsa';
        }
    }

How about this? So the default settings in config_default.php would not
be touched.
> The check for the RSA availability must use the backends I described
> in the previous paragraphs. Checks must not be outside of the
> backends because backends contain the logic to determine if they can
> run. Moving this logic outside breaks integrity and will cause
> duplicate code.
I see. You want to keep the availability check of OpenSSL (PHP or
cmdline) within the corresponding backend. Makes sense.
> Yet another problem in the "if" above is that it forces RSA auth.
> What if I want to use LDAP auth instead? I will not be able to do it
> because RSA will be forced.
Allow to exclude this using an EXTCONF setting (see above).
> So if the check you propose is implemented, it:
> - must be in the rsaauth extension
Agree.
> - must call RSA backends to check if they are available (= use factory
> to get a backend, null means "not available")
If the extension must be installed explicitly, I think it is acceptable
to die with a meaningful warning. Users can react easily by unloading
"rsaauth". They don't need to look for OpenSSL or order installation
permissions first.
> - must not force rsa method but remove it if the method is set but
> unavailable
Not necessary then.
Here is a new proposal, trying to put everything together:
- rsaauth is not loaded by default (left out of RequiredExtList)
- rsaauth is added to ExtList for new sites (see dummy.tar.gz)
- When rsaauth is loaded, it will be enabled by default using the check
above (well, remove the line with the check about openssl
availability)
- If enabled and the backend misses OpenSSL => die greatly (no fallback)
- If user wants to switch back, he just needs to unload the extension
What do you think?
- michael
--
Use a newsreader! Check out
http://typo3.org/community/mailing-lists/use-a-news-reader/
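
The proposal that closes this message (default to 'rsa' unless opted out, and stop rather than fall back when no backend can run), sketched as an added example that is not part of the original mail or of the rsaauth extension. The helper functions, the probe list and the exception standing in for die() are assumptions; only `loginSecurityLevel` and `notTryToSetAsDefault` come from the thread.

```php
<?php
// Added illustration. Function names and the probe list are hypothetical,
// not TYPO3 or rsaauth API.

// Stand-in for the backend factory: name of the first usable backend,
// or null when none can run ("null means not available").
function findRsaBackend(array $probes) {
    foreach ($probes as $name => $isAvailable) {
        if ($isAvailable()) {
            return $name;
        }
    }
    return null;
}

// ext_localconf.php step: make 'rsa' the default unless the admin opted out.
function applyRsaDefault(array $confVars, array $extConf) {
    if (empty($extConf['notTryToSetAsDefault'])) {
        $confVars['BE']['loginSecurityLevel'] = 'rsa';
    }
    return $confVars;
}

// Login-time step: fail closed instead of dropping to a weaker level.
// The exception stands in for the "die with a meaningful warning" proposal.
function requireRsaBackend(array $confVars, array $probes) {
    if ($confVars['BE']['loginSecurityLevel'] !== 'rsa') {
        return null; // another login method was configured
    }
    $backend = findRsaBackend($probes);
    if ($backend === null) {
        throw new RuntimeException(
            'rsaauth is loaded but no RSA backend is available; unload rsaauth or install OpenSSL'
        );
    }
    return $backend;
}

// Constructed probes: the PHP check is real, the command-line one is stubbed.
$probes = array(
    'php' => function () { return extension_loaded('openssl'); },
    'cmdline' => function () { return false; },
);
$conf = applyRsaDefault(array('BE' => array('loginSecurityLevel' => '')), array());
try {
    echo 'backend: ', requireRsaBackend($conf, $probes), "\n";
} catch (RuntimeException $e) {
    echo 'login refused: ', $e->getMessage(), "\n";
}
```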