Henrik, I was thinking that Administration entails Authentication and Authorization. The section on Authentication could cover (eventually) all of Drizzle's auth plugins and other authentication-related information like how to make the drizzle client work with those auth plugins by using --protocol mysql-plugin-auth. And Authorization could talk about the various policy plugins.
So maybe you could write Authorization for the auth plugins you want to feature, and I can write Authentication? As for auth_schema, I'm glad you like it. :-) I will have it ready to go by the end of this week and then I'll propose it for merging, It's not perfect yet, but I think it's useful enough. -Daniel Le 2 oct. 2011 à 14:39, Henrik Ingo a écrit : > I picked ldap_auth and pam_auth for our focus areas: > https://blueprints.launchpad.net/drizzle/+spec/docs71-focus-areas I > now realize auth_schema should be included too, unless of course we > think it is implied by Administration. > > Basically I want to make sure that docs/index.rst in those 3 plugins > is usable for the average user. It seems it is mostly a question of > supplying a good example section in addition to the file you've > generated. When you say you want to document administration, do you > want to claim all of auth_pam/docs/index.rst for yourself? Feel free > to do so. I assume auth_schema is part of administration. > > I started today trying to understand ldap_auth. (And it seems to be a > rule that no matter how innocent things I do I end up changing > Makefile.am. In this case plugin/ldap_auth/ has material that is only > there if you work from bzr repository, so to document how to create > LDAP users, I first have to move a utility from noinst_PROGRAMS to > bin_PROGRAMS... > > From what I've learned today, auth_pam is a good authentication > method, except for the drawback that you end up using plaintext > passwords. auth_ldap actually has an advantage it is designed to store > the MySQL hashed passwords in a custom LDAP field, however it is way > too complex for the average user to setup. (It mostly just makes sense > if you already use LDAP.) > > A conclusion of the above is that I really appreciate you creating > auth_schema, and hope it is included in the beta because it is the > only alternative that is both secure and user friendly and should be > the default and recommended auth plugin. > > henrik > > > On Sun, Oct 2, 2011 at 7:34 PM, Daniel Nichter <[email protected]> wrote: >> Hi Henrik, >> >> Correct: I did not update the docs. When I update the Administration docs >> for 7.1, I will mention it. What docs are you updating where it's relevant? >> >> -Daniel >> >> Le 2 oct. 2011 à 03:15, Henrik Ingo a écrit : >> >>> Hi Daniel >>> >>> Related to your work in figuring out PAM authentication and knowing >>> that you worked a little on documentation, am I correct that you >>> didn't update any docs for this? I was thinking to select this as a >>> focus area where we should update the docs for 7.1 release. I'm >>> volunteering to do it, and the info in your blog post is already >>> sufficient, just wanted to check you are not sitting on some >>> documentation that I don't see yet in trunk? >>> >>> henrik >>> >>> On Fri, Sep 9, 2011 at 4:52 AM, Daniel Nichter <[email protected]> wrote: >>>> This has been resolved: >>>> http://hackdrizzle.com/authenticating-with-authentication-plugins/ >>>> >>>> Le 9 août 2011 à 18:12, Daniel Nichter a écrit : >>>> >>>>> I'd like to draw attention to >>>>> https://bugs.launchpad.net/drizzle/+bug/823637: "auth_pam and auth_http >>>>> do not work". I think the reason is that the authentication system does >>>>> not pass authentication plugins a plaintext password, only a >>>>> MySQL-scrambled hash of the original plaintext password. I've verified >>>>> that this is problem with auth_http by manually inserting a plaintext >>>>> password. >>>>> >>>>> If this is the root problem, then I don't see how the authentication >>>>> system will work because a MySQL password hash is only useful for MySQL, >>>>> i.e. pam and curl can't use it. Can the plaintext password still be >>>>> accessed? >>>>> >>>>> -Daniel >>>>> _______________________________________________ >>>>> Mailing list: https://launchpad.net/~drizzle-discuss >>>>> Post to : [email protected] >>>>> Unsubscribe : https://launchpad.net/~drizzle-discuss >>>>> More help : https://help.launchpad.net/ListHelp >>>> >>>> >>>> _______________________________________________ >>>> Mailing list: https://launchpad.net/~drizzle-discuss >>>> Post to : [email protected] >>>> Unsubscribe : https://launchpad.net/~drizzle-discuss >>>> More help : https://help.launchpad.net/ListHelp >>>> >>> >>> >>> >>> -- >>> [email protected] >>> +358-40-8211286 skype: henrik.ingo irc: hingo >>> www.openlife.cc >>> >>> My LinkedIn profile: http://www.linkedin.com/profile/view?id=9522559 >> >> > > > > -- > [email protected] > +358-40-8211286 skype: henrik.ingo irc: hingo > www.openlife.cc > > My LinkedIn profile: http://www.linkedin.com/profile/view?id=9522559
_______________________________________________ Mailing list: https://launchpad.net/~drizzle-discuss Post to : [email protected] Unsubscribe : https://launchpad.net/~drizzle-discuss More help : https://help.launchpad.net/ListHelp
