[haiku-web] Re: Drupal-Trac Single Sign-On...

  • From: "Niels Reedijk" <niels.reedijk@xxxxxxxxx>
  • To: haiku-web@xxxxxxxxxxxxx
  • Date: Fri, 21 Mar 2008 11:09:09 +0100

Hi Gavin/Jorge,

2008/3/18, Gavin James <gavin.james@xxxxxxxxxx>:
> Hi guys,
>
>  We've been graciously offered free hosting for our main website by
>  unixheads.org. They seem to know their stuff and feel more than
>  comfortable with meeting our requirements (even during a Slashdotting)
>  so we're going to be looking to take them up on their offer.

Ah, nice.

>  There is however a small issue we're going to need to work around
>  before that can happen and that's Trac's integration with Drupal's
>  login system. As the two applications will be running on different
>  servers across the internet, we're not going to be able to have Trac
>  connect to Drupal's MySQL database to perform authentication as is the
>  case now.
>
>  I'm looking for suggestions as to alternatives. When the integration
>  broke a number of weeks ago we considered dropping it altogether. This
>  was unpopular with the few people who replied, so I think we should
>  consider that route our last possible option.

I agree with Jorge that it will not be an enormous problem to have a
separate login for Trac, but I also consider at least thinking of a
potential solution first to keep the status quo would be a good idea.

>  Niels mentioned OpenID a while back, and there are modules available
>  for both Drupal and Trac that allow OpenID as an authentication
>  provider. But for this to be useful we would also need to set up our
>  own OpenID identity provider to cater for those who don't yet have an
>  OpenID. I don't know how much work this would be, but my gut instinct
>  is far more than it's worth, but I'd like to hear what everyone else
>  thinks about this.

Well, the problem with OpenID is the issue of trust. The concept is
extremely nice, but in practice I think it just has 'please exploit
me' written all over it. We would force our users to find an identity
provider they can trust (which - in the digital world - is no one). On
the other hand: if we set up our own identity provider, we will become
responsible for the data of all the users. So OpenID as main
authentication is not a good idea (though - at a certain point - using
OpenID as a method of authentication should be discussed).

Basically, I can think of the following scenarios:
- Using an SSH secure tunnel, mirror the database (hourly, for
example, or perhaps even 'push' style if there is a good way to check
if the table changed)

- Use an XMLRPC authentication mechanism. The Trac server will perform
a request whenever a login is taking place, and retrieves the details
of the user that way.

I don't know if Unixware will allow 1. I should be able to write a
plugin for Trac for 2, and a quick Google search shows that Drupal
should already provide an XML plugin.

N.
-----------------------------------------------------------------------
haiku-web@xxxxxxxxxxxxx - Haiku Web & Developer Support Discussion List
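
The second scenario in the message above (Trac asking the website over XML-RPC at login time), sketched as an added example that is not part of the original post and is not Trac or Drupal code. The method name `auth.check_login`, the shared API key and the sample account are assumptions made for the illustration; the demo runs over loopback HTTP, whereas between two servers on the internet the URL would be `https://` because the password travels in the request.

```python
import hashlib
import hmac
import threading
import xmlrpc.client
from xmlrpc.server import SimpleXMLRPCServer

API_KEY = "constructed-shared-secret"  # hypothetical secret known to both servers
SALT = b"constructed-salt"

def _digest(password):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 50_000)

# Constructed sample account standing in for the website's user table.
USERS = {"alice": {"hash": _digest("correct horse"), "email": "alice@example.org"}}

def check_login(api_key, username, password):
    """Website side: verify one login and return only the details Trac needs."""
    if not hmac.compare_digest(api_key.encode(), API_KEY.encode()):
        raise PermissionError("unknown caller")  # reaches the client as an XML-RPC fault
    user = USERS.get(username)
    # Hash even for unknown users so response time does not reveal valid names.
    candidate = _digest(password)
    if user is None or not hmac.compare_digest(candidate, user["hash"]):
        return {"ok": False}
    return {"ok": True, "name": username, "email": user["email"]}

def start_website_endpoint():
    """Serve check_login on a free loopback port; returns (server, url)."""
    server = SimpleXMLRPCServer(("127.0.0.1", 0), logRequests=False)
    server.register_function(check_login, "auth.check_login")
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, "http://127.0.0.1:%d/" % server.server_address[1]

def trac_authenticate(url, api_key, username, password):
    """Trac side: ask the website; any fault or network error denies the login."""
    try:
        proxy = xmlrpc.client.ServerProxy(url)
        reply = proxy.auth.check_login(api_key, username, password)
    except (xmlrpc.client.Error, OSError):
        return None  # fail closed when the website is unreachable or refuses us
    return reply if reply.get("ok") else None
```

Unlike the database-mirroring scenario, no password hashes leave the website; the cost is that Trac logins stop working whenever the website endpoint is unreachable.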
