I've added a hack to C4/Auth.pm that allows you to turn off authentication entirely. Just set the "insecure" systempreference to the string "yes". The effect is that C4::Auth doesn't bother authenticating and just allows you to do anything you like, without your session ever timing out, or indeed without requiring a session. I find this convenient because my installation is in a physically secure location, and all of my librarians (me) are trusted. For obvious reasons, this isn't advertised as a feature. If this is deemed to be a Bad Thing, just back out the latest update. In the longer term, it'd be nice to introduce the notion of trusted (and untrusted) users and secure (or insecure) workstations. It shouldn't be too hard to implement user and host groups, and ACLs for users, hosts, and network ranges. -- Andrew Arensburger This message *does* represent the arensb@ooblick.com views of ooblick.com "You see? You see? Your stupid minds! Stupid! Stupid!" -- Plan 9
participants (1)
-
Andrew Arensburger