[rt-users] Unwieldy users list...
Anil Madhavapeddy
anil at recoil.org
Mon May 1 18:28:53 EDT 2000
Jesse wrote:
> >
> > On a related note (to manageability of users), I'd be interested in
> > some sort of external authentication API (to allow authentication
> > separate from username/passwords in the rt database).
> >
>
> I'll ponder this. Do people who want an external authentication mechanism
> want it in addition to rt internal authentication or instead of it?
> Additionally, will _all_ users use the external mechanism or only
> some users?
>
Would be very very useful. Given that the vast majority of deployments
for this would probably be in an environment with some sort of existing
authentication environment ...
Personally, I'd use it instead of the internal authentication, but I
could see an "or" facility being useful (do a local database lookup
if external auth fails).
Something abstract like PAM would be cool, as that opens up a large
number of possibilities (I _think_ it supports NIS, and certainly
passwd, shadow and database auth).
Of course, SSL support becomes pretty vital then ... the whole thing
is wide open to snooping otherwise, which is an advantage of the
existing system; it allows users to have an insecure web authentication
without compromising their actual system passwords. (con: they keep
on forgetting one of them).
Anil
More information about the rt-users
mailing list