---- louis gonzales <[EMAIL PROTECTED]> wrote: 
> Hello Dist,
> What are some best practices on an initial form taking a PW/ID from a 
> user to login.

Personally and professionally, I prefer to maintain my account structure in an 
external database, such as LDAP, and let the webserver do the actual 
authentication (session based authentication, doesn't get lost from page to 
page).  I then only have to manage authorization and access control (using 
$ENV{REMOTE_USER}).  Fact is, I've so far managed to avoid having to write my 
own authentication scheme, but wouldn't anyway, since there are so many good 
modules[1] out there...

There are many tools[2] for letting users manage their own LDAP account 
details, which you can wrap in a form of your liking.  It is also possible to 
put together a page that would allow them to reset their password with 
knowledge of a "secret" question/answer passphrase.  It's a bit of a classic, 
but it's a good classic, one that works...

1) http://www.modperl.com/
2) http://ldap.perl.org/

HTH,
amonotod

--

    `\|||/         amonotod@    | sun|perl|windows
      (@@)         charter.net  | sysadmin|dba
  ooO_(_)_Ooo____________________________________
  _____|_____|_____|_____|_____|_____|_____|_____|
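
An added example, not part of the original reply, of the authorization half of the approach described above: the web server has already authenticated the request and set REMOTE_USER, and the CGI script only decides what that user may do. The role table, the action names and the `authorize` helper are hypothetical.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical role table; in practice this would come from LDAP group
# membership or a database, not a hard-coded hash.
my %ROLE_OF = (
    alice => 'admin',
    bob   => 'editor',
);

# Hypothetical mapping of roles to the actions they may perform.
my %ALLOWED = (
    admin  => { view => 1, edit => 1, delete => 1 },
    editor => { view => 1, edit => 1 },
);

# Returns 1 if $user may perform $action, 0 otherwise. Fails closed: a
# missing or malformed name, an unknown user or an unknown action is denied.
sub authorize {
    my ($user, $action) = @_;
    return 0 unless defined $user && defined $action;
    # Accept only a conservative character set before using the name as a key.
    return 0 unless $user =~ /\A[A-Za-z0-9._-]{1,64}\z/;
    my $role = $ROLE_OF{ lc($user) } or return 0;
    return $ALLOWED{$role}{$action} ? 1 : 0;
}

# REMOTE_USER is set by the web server only after it has authenticated the
# request; if it is absent, the location is not protected as intended.
my $user   = $ENV{REMOTE_USER};
my $action = 'edit';    # constructed sample; normally derived from the request

if (authorize($user, $action)) {
    print "Status: 200 OK\r\nContent-Type: text/plain\r\n\r\n";
    print "allowed\n";
}
else {
    print "Status: 403 Forbidden\r\nContent-Type: text/plain\r\n\r\n";
    print "denied\n";
}
```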
