[dev.icinga.com #333] Finish user authentification concept #47
This issue has been migrated from Redmine: https://dev.icinga.com/issues/333
Created by mhein on 2010-03-12 10:34:50 +00:00
2010-08-18 09:20:13 +00:00 by mhein ee51d10
Updated by Anonymous on 2010-07-21 11:07:30 +00:00
Are you thinking about B?
I think C) would be best, unless some Apache guru can provide assistance with B) for large-scale environments (100+ users).
Updated by mhein on 2010-07-21 11:17:19 +00:00
C is already implemented. The other problem with Apache-only auth is that you need already created users. Therefore we need providers to import user data into the system, and others which authenticate. You cannot create and keep a setup in sync with 200+ users.
The problem with httpbasic is the login mask and the initial cookie creation step (I do not want to authenticate on all pages). I think we need a new mask with a button (You are XXX, press to proceed).
I think the "only" thing is a provider which authenticates against the REMOTE_USER field.
Updated by Anonymous on 2010-07-21 11:26:42 +00:00
Ah, didn't know it was already in ;-)
Is this scenario possible?:
Updated by mhein on 2010-07-21 12:23:52 +00:00
Yes ;-) I should update the issues .....
Yes, it is. But only one group with one provider, but you can use the same provider type several times. Each of them has its own query to determine which user occurs in the group. If this user is found, the provider imports them and assigns them to the Icinga group they belong to.
But you have to take the group_map attribute from the global scope into the provider scope.
Updated by mhein on 2010-09-01 10:31:30 +00:00
- 1.0 User tries to login
  - 1.1 Yes user is in the system
    - Loading the belonging provider
    - Provider can update (auth_update)
      - Update user profile
    - Provider is 'authoritative'
      - Authenticate against
        - Fail and auth_resume
          - Try other provider in the configured order
          - Iterate to all the others and try only authenticate
        - Fail and not auth_resume
          - NO LOGIN
    - Provider is not authoritative and auth_resume
      - Try other provider in the configured order
    - Provider is not authoritative
      - NO LOGIN
  - 1.2 NO user is not available
    - Iterate through all providers
      - Yes user is available on the provider
        - Yes provider can import (auth_import)
          - Import the user profile and goto 1.1
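
A small Python model of the login flow outlined above, added here as an illustration; it is not Icinga Web code and not from the thread. The `Provider` class, the `login` function and the sample accounts are hypothetical; only the flag names (`auth_update`, `auth_import`, `auth_resume`, "authoritative") come from the thread, and refusing a user that no provider can import is an assumption.

```python
import hmac
from dataclasses import dataclass

@dataclass
class Provider:
    # Hypothetical model of one configured provider; flag names follow the thread.
    name: str
    accounts: dict                 # constructed sample data: username -> password
    authoritative: bool = False
    auth_update: bool = False
    auth_import: bool = False
    auth_resume: bool = False

    def authenticate(self, user, password):
        stored = self.accounts.get(user)
        return stored is not None and hmac.compare_digest(stored, password)

def login(user, password, providers, system_users):
    """Return (ok, trace). system_users maps username -> name of its provider."""
    trace = []
    if user not in system_users:                        # 1.2: user not in the system
        src = next((p for p in providers
                    if p.auth_import and user in p.accounts), None)
        if src is None:                                 # assumption: nobody can import
            return False, ["no-login:unknown-user"]
        system_users[user] = src.name                   # import profile, go to 1.1
        trace.append(f"import:{src.name}")
    owner = next(p for p in providers if p.name == system_users[user])   # 1.1
    if owner.auth_update and user in owner.accounts:
        trace.append(f"update:{owner.name}")            # profile refresh would go here
    if owner.authoritative and owner.authenticate(user, password):
        return True, trace + [f"login:{owner.name}"]
    if not owner.auth_resume:                           # no fall-through allowed
        return False, trace + ["no-login:no-resume"]
    for p in providers:                                 # configured order, authenticate only
        if p is not owner and p.authenticate(user, password):
            return True, trace + [f"login:{p.name}"]
    return False, trace + ["no-login:chain-exhausted"]

def demo():
    # Constructed data: alice has a current LDAP password and a stale internal one.
    ldap = Provider("ldap", {"alice": "ldap-pw"}, authoritative=True,
                    auth_update=True, auth_import=True)
    internal = Provider("internal", {"alice": "stale-pw"}, authoritative=True)
    chain, users = [ldap, internal], {}
    first = login("alice", "ldap-pw", chain, users)
    strict = login("alice", "stale-pw", chain, users)
    ldap.auth_resume = True                             # same attempt, resume enabled
    resumed = login("alice", "stale-pw", chain, users)
    return first, strict, resumed

if __name__ == "__main__":
    for result in demo():
        print(result)
```

The third result shows what enabling `auth_resume` on an authoritative provider means in practice: a password that provider rejects can still be accepted by a later provider in the chain.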