Changes between Initial Version and Version 1 of Ticket #322
- Timestamp: Dec 4, 2012, 1:52:12 AM
Legend:
- Unmodified
- Added
- Removed
- Modified
Ticket #322 – Description
initial 1 / v1 1 (unmodified):
Many of our users would like to synchronize authz in their application with authz managed through moira lists. (Indeed, we'd probably like to do that with Trac --- http://sipb.mit.edu/trac/ticket/17. We also have a FAQ entry about doing this with Mediawiki --- http://scripts.mit.edu/faq/130/.) At the moment, I believe that requires either making your list an NFS group to use LDAP (which people dislike, given the group quota), using pts mem -noauth (which is vulnerable to a MITM), or juggling tickets and tokens to use pts mem with authentication.

initial 2 / v1 2 (unmodified): blank line

initial 3 (modified; removed wording):
If such a service already exists (a stable-ish looking LDAP server supporting HTTPS, for example), awesome. We should document it, and make sure our FAQ entries use that, not pts mem -noauth.

v1 3 (modified; added wording):
If such a service already exists (a stable-ish looking LDAP server supporting SSL, for example), awesome. We should document it, and make sure our FAQ entries use that, not pts mem -noauth.

initial 4 / v1 4 (unmodified): blank line

initial 5 / v1 5 (unmodified):
If not, we should write some service that uses an integrity-protected channel to get moira list membership and return it to users. (One option would be a setuid program that basically just aklog'd with some principal it had access to and ran pts mem. Another would be a web service (possibly firewalled to localhost or accessible over unix socket) that did the same. Conceivably, this could use blanche, LDAP, or some other web service instead.)
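The following is an added illustration of the "web service accessible over unix socket" option the description proposes; it is not code from Ticket #322, SIPB, or scripts.mit.edu. One process holds the credentials and answers "who is on list X?" for other processes on the same host over a Unix socket, so callers never need tickets or tokens and nothing crosses the network where pts mem -noauth could be tampered with. Assumptions (not in the ticket): the endpoint shape GET /members/<list>, the socket path and 0660 mode, and the SAMPLE_LISTS table, which is constructed sample data standing in for the output of an authenticated pts membership run that the real service would perform after aklog with its own principal.

```python
"""Local moira-list membership service over a Unix socket (added example).
SAMPLE_LISTS is a constructed stand-in for authenticated `pts membership`
output; the real service would call pts after aklog and cache the result."""
import http.server
import json
import os
import re
import socket
import socketserver
import stat
import tempfile
import threading
import urllib.parse

# Constructed sample data (assumption), not real moira list contents.
SAMPLE_LISTS = {
    "sipb-members": ["carol", "alice", "bob"],
    "scripts-team": ["dave", "bob"],
}

# Validate the list name before it could reach a subprocess argument: a
# request for "x; rm -rf /" must be rejected here, never handed to pts.
LIST_NAME = re.compile(r"^[A-Za-z0-9][A-Za-z0-9_.-]{0,63}$")


def lookup_members(list_name, backend=SAMPLE_LISTS):
    """Sorted members of list_name, or None if unknown; ValueError if invalid."""
    if not LIST_NAME.match(list_name):
        raise ValueError("invalid list name")
    members = backend.get(list_name)
    return None if members is None else sorted(members)


class Handler(http.server.BaseHTTPRequestHandler):
    def do_GET(self):
        path = urllib.parse.urlsplit(self.path).path
        if not path.startswith("/members/"):
            return self.send_error(404)
        name = urllib.parse.unquote(path[len("/members/"):])
        try:
            members = lookup_members(name)
        except ValueError:
            return self.send_error(400, "bad list name")
        if members is None:
            return self.send_error(404, "no such list")
        body = json.dumps({"list": name, "members": members}).encode()
        self.send_response(200)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # keep the example quiet
        pass


class UnixHTTPServer(socketserver.ThreadingMixIn, socketserver.UnixStreamServer):
    daemon_threads = True


def start_server(sock_path):
    """Bind with a restrictive umask so the socket file is created 0660
    (owner and group only, never world-connectable), then serve in a thread."""
    old_umask = os.umask(0o117)
    try:
        server = UnixHTTPServer(sock_path, Handler)
    finally:
        os.umask(old_umask)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server


def query_members(sock_path, list_name):
    """Client side: ask the local service. Returns (http_status, members|None)."""
    request = ("GET /members/%s HTTP/1.0\r\nHost: localhost\r\n\r\n"
               % urllib.parse.quote(list_name, safe=""))
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
        s.connect(sock_path)
        s.sendall(request.encode())
        data = b""
        while True:
            chunk = s.recv(4096)
            if not chunk:
                break
            data += chunk
    head, _, body = data.partition(b"\r\n\r\n")
    status = int(head.split(b" ")[1])
    return status, (json.loads(body)["members"] if status == 200 else None)


def demo():
    """Run the service on a fresh socket, make the checks a practitioner
    would make (known list, unknown list, injection attempt, socket mode),
    stop it, and return the results."""
    tmpdir = tempfile.mkdtemp()
    sock_path = os.path.join(tmpdir, "moira.sock")
    server = start_server(sock_path)
    try:
        return {
            "known": query_members(sock_path, "sipb-members"),
            "unknown": query_members(sock_path, "nosuch-list"),
            "injection": query_members(sock_path, "x; rm -rf /"),
            "world_bits": stat.S_IMODE(os.stat(sock_path).st_mode) & 0o007,
        }
    finally:
        server.shutdown()
        server.server_close()
        os.unlink(sock_path)
        os.rmdir(tmpdir)


if __name__ == "__main__":
    print(json.dumps(demo(), indent=1))
```

The socket file's mode is the whole access control here: only users in the socket's group can connect, and the service never exposes the principal's tokens to them. A service bound to a localhost TCP port instead would be reachable by every local user and would need its own authentication, which is the same problem the ticket is trying to avoid; the setuid-wrapper option sidesteps the socket entirely but then every caller runs code with access to the principal's credentials, so the argument validation shown in lookup_members matters even more there.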