[TYPO3-core] RFC #9474: Integrate OpenID authentication support to TYPO3
Martin Kutschker
masi-no at spam-typo3.org
Fri Oct 3 14:09:15 CEST 2008
Dmitry Dulepov schrieb:
> Hi!
>
> Xavier Perseguers wrote:
>> +1 based on testing. Doc is OK too but I would like to read something
>> about /dev/urandom that needs to be allowed for reading by the www user.
>
> Good point. I think we can modify sv1 to have this code before including
> OpenID library:
>
> // Make sure that random generator is properly set up
> if (!is_readable('/dev/urandom')) {
> if (is_readable('/dev/random')) {
> define('Auth_OpenID_RAND_SOURCE', '/dev/random');
> } else {
> define('Auth_OpenID_RAND_SOURCE', null);
> }
> }
Nice idea. I see in the OpenID classes that a user error is triggered
when these devices are not present. The code tries later on to
circumvent the problem with a built-in random number generation.
Question: do we need to catch this error with an error handler to make
this thing work on Windows. Does it make sense to provide a
configuration option to let the OpenID classes read from some other
"file"? I'm thinking of entropy gaterhing daemons.
Masi
More information about the TYPO3-team-core
mailing list