[TYPO3-team-core-v5] RSA Implementation / Login Controller

Andreas Förthner andreas.foerthner at netlogix.de
Tue Feb 10 08:35:28 CET 2009 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hi Robert,

> I fixed a few style glitches but there's one thing which doesn't really work yet: the
> login controller. On my machine the RSA Username Password token is not
> available (maybe because the keypairs aren't even generated?) and therefore the
> controller crashes because you made it only work with the RSA variant.

Hi yes I noticed that yesterday, too. The problem is, that in your configuration the UsernamePassword provider is configured (needed for the TYPO3 BE Login) and not the RSAUsernamePassword provider. However, if I would change that, the TYPO3 Login Controller won't work anymore. Principally it is possible to have two different providers in parallel, but I didn't implement the needed RequestPatterns to use one for FLOW3 and the other for TYPO3. But that's in the works.

> It also seems like the key storage is not yet completely functional.
> Is it on purpose that you store the keys in the _temporary_ directory?

Yes, that was just the easiest way to make it somehow work, we should discuss that once again, where a possible "secure folder" should be created. And I still plan to hold the keys in an external process (some daemon I can connect to), to get the private-key data out of the PHP process scope.

> I've also seen that you commented the error checking out which should warn if the
> keystorage directory couldn't be created.

Hm, ok I'll have a look ;-)

> Just my 2 notes ;-)

Thanks for your review!

Greets Andi

Andreas Förthner
TYPO3 Research & Development

Telefon: +49 (911) 539909 - 0
E-Mail: andreas.foerthner at netlogix.de


- --
netlogix GmbH & Co. KG
Systemhaus | Trainingscenter | Medienagentur
Andernacher Straße 53 | 90411 Nürnberg
Telefon: +49 (911) 539909 - 0 | Fax: +49 (911) 539909 - 99
E-Mail: mailto:info at netlogix.de | Internet: http://www.netlogix.de/

netlogix GmbH & Co. KG ist eingetragen am Amtsgericht Nürnberg (HRA 13338).
Persönlich haftende Gesellschafterin: netlogix Verwaltungs GmbH (HRB 20634)
Geschäftsführer: Stefan Buchta, Matthias Schmidt, Guido-Arndt Söldner, Jens-Henrik Söldner




-----BEGIN PGP SIGNATURE-----
Version: PGP Universal 2.9.1 (Build 287)
Charset: Windows-1252

wpUDBQFJkS4xVm6TtY1gxQoBCLNwA/97sda7PcC61MkBK5w9HhGBx3nx/1TrSTmY
hJB8ZQD74sIbe/eKYwAljKh1FGXNxLRspHhI+eaTsJeyuF15/GS/XdMTeHogI8ts
KpT+u75TZpJD/0doToh/IJLUfzdWEv2+1idFdRJhTEcqW/23QfTJRwKSJmqIFZf+
th0Ifh8wnQ==
=fGJU
-----END PGP SIGNATURE-----

More information about the TYPO3-team-core-v5 mailing list