>> 2) Get rid of the basic auth and use a form-based login > My 2cents: please keep basic auth, at least as an option. I really dislike form-based login
Isn't authentication supposed to be just a wrapper application in WSGI, so your app doesn't have to worry about how it happens? Like "app_im_serving = authentication_wrapper(real_cobbler_app)" or somesuch? In my environment we have to use smartcards for authentication. The effect on the server side is that an SSL client certificate is presented. Our (HTTPS only) servers must require this as part of the SSL/TLS handshake, so if an HTTP connection happens and a web app is summoned to reply with a page, the user is authenticated already, it's just a question of what they're authorized to do in Cobbler. A successful authentication system based on our requirements should be dead easy to make - a dozen lines of Python or so - but it's essentially a third thing which isn't quite basic auth nor form-based login, and it may not legitimately be Cobbler's problem. _______________________________________________ cobbler-devel mailing list cobbler-devel@lists.fedorahosted.org https://fedorahosted.org/mailman/listinfo/cobbler-devel
