[TYPO3] Installing a sysext

[Xavier Perseguers]

>> Another question: I made my own authentication extension to be able to 
>> deal with an external database. Now after reading the code, what I 
>> fear is true, my extension won't be able to provide openID as well. 
>> You did what I wanted to do with this openid extension. Now, I know 
>> that this extension is not yet released but it would be great to let 
>> other authentication extensions "hook" as fallback authentication 
>> method if OpenID is not used. This way one could let OpenID work and 
>> use its own authentication method as well.
> 
> If I understood you right, there is no problem. Authentication services 
> are called in chain. So if there is no OpenID supplied by user, the 
> other service will be called to authenticate user. But if there is 
> OpenID and it is wrong, authentication will fail, which is correct 
> behaviour.

Great! I thought of "chain authentication" but you answered before I 
could clear my ideas ;-) Thus I'll only have to lower my priority to 
fall between openid and the standard authentication.

But as I read your code, this let's an OpenID authentication bypass 
completely my "business" authentication process, which cannot invalidate 
an existing FE/BE user to log in based on some business logic.

Currently I do what is needed to make authentication work, that is get 
user / authenticate user against an external source and when it's OK, 
create/update the FE/BE user in TYPO3 in order to actually let the user 
enter. Now if the business authentication process fails, although the 
user once could enter (no access granted anymore for instance), this 
process lets me deactivate his/her account on TYPO3 side. With the chain 
authentication, the user will always be able to authenticate using 
OpenID and I should rely on non-openID account to deactivate accounts 
that needs this or on cron job, which is not very cool.

-- 
Xavier Perseguers
http://xavier.perseguers.ch/en/tutorials/typo3.html