Hi Gavin/Jorge, 2008/3/18, Gavin James <gavin.james@xxxxxxxxxx>: > Hi guys, > > We've been graciously offered free hosting for our main website by > unixheads.org. They seem to know their stuff and feel more than > comfortable with meeting our requirements (even during a Slashdotting) > so we're going to be looking to take them up on their offer. Ah, nice. > There is however a small issue we're going to need to workaround > before that can happen and that's Trac's integration with Drupal's > login system. As the two applications will be running on different > servers across the internet, we're not going to be able to have Trac > connect to Drupal's MySQL database to perform authentication as is the > case now. > > I'm looking for suggestions as to alternatives. When the integration > broke a number of weeks ago we considered dropping it altogether. This > was unpopular with the few people who replied, so I think we should > consider that route our last possible option. I agree with Jorge that it will not be an enormous problem to have a separate login for Trac, but I also consider at least thinking of a potential solution first to keep the status quo would be a good idea. > Niels mentioned OpenID a while back, and there are modules available > for both Drupal and Trac that allow OpenID as an authentication > provider. But for this to be useful we would also need to setup our > own OpenID identity provider to cater for those who don't yet have an > OpenID. I don't know how much work this would be, but my gut instinct > is far more than it's worth, but I'd like to hear what everyone else > thinks about this. Well, the problem with OpenID is the issue of trust. The concept is extremely nice, but in practice I think it just has 'please exploit me' written all over it. We would force our users to find an identity provider they can trust (which - in the digital world - is no one). At the other hand: if we set up our own identity provider, we will become responsible for the data of all the users. So OpenID as main authentication is not a good idea (though - at a certain point - using OpenID as a method of authentication should be discussed). Basically, I can think of the following scenarios: - Using an SSH secure tunnel, mirror the database (hourly, for example, or perhaps even 'push' style if there is a good way to check if the table changed) - Use an XMLRPC authentication mechanism. The Trac server will perform a request whenever a login is taking place, and retrieves the details of the user that way. I don't know if Unixware will allow 1. I should be able to write a plugin for Trac for 2, and a quick google search shows that drupal should already provide an XML plugin. N. ----------------------------------------------------------------------- haiku-web@xxxxxxxxxxxxx - Haiku Web & Developer Support Discussion List