Kyle Hall schreef op ma 27-07-2015 om 07:22 [-0400]:
I think authentication is the perfect way to use interfaces in Koha! That way we can have a standard API for authentication be it internal, ldap, cas, or whatever! Right now the way C4::Auth and it's ilk are mixed together definitely creates headaches when attempting to debug authentication issues.
I've been complaining to anyone who'd listen that our current way of doing auth is hacks upon hacks upon hacks, and if I had all the time in the world I'd rewrite it using a modular architecture, along these lines. Then you can configure the classes in koha-conf.xml, and have a sequence, e.g.: <auth> <koha save="true" /> <!-- koha internal auth is checked first, save this login if it succeeds and isn't already here --> <certificate certfield="commonname" kohafield="email" /> <!-- SSL client certificates is checked second --> <ldap> ... ldap details ... </ldap> </auth> or something along those lines, so you can build up your own authentication process. Unfortunately, I don't have all the time in the world, so this hasn't been anything more than a thought experiment for me so far :) -- Robin Sheat Catalyst IT Ltd. ✆ +64 4 803 2204 GPG: 5FA7 4B49 1E4D CAA4 4C38 8505 77F5 B724 F871 3BDF