Hi all, I'm using Catalyst::Authentication::Store::LDAP to authenticate users, but now I need to allow some of them to single-signon without a password, like this:
if( $is_sso ) { $c->authenticate({ id=> $user }); ## I trust this dude, so skip the check_password sub } else { $c->authenticate({ id=> $user, password=>$password ); ## old fashioned } I'm looking at the authentication internals and it seems to be missing a per-user flag to disable password checking. Only a global realm-based password_type=>'none' exists. Am I correct? On the other hand, switching realms to a passwordless LDAP where password_type=>'none' either duplicates information sensesly, or is a little bit messy since it needs a MyApp.pm startup config hack. But it seems like the only doable option right now. To make matters worse, LDAP::User::check_password also checks user roles since it needs the password to bind to the ldap server. That could make it more difficult to implement a passwordless flag at any level on the authenticate chain. Any views on this? regards, rodrigo
_______________________________________________ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/