Hi,
For what I've seen, first issue to address is that password is hashed on
client side before to opening the and in this scenario has be sent to a
server
In my mind external authentication should be plugged in as an additional
option without creating incompatibilities (especially in the protocol)
It could be obtained by using connectionInfo properties; a new client side
property AUTHREALM={xxx} trigger:
* on client to store the password in a temporary property (like _PASSWORD)
* on server side it act as a flag for externally authenticated users
At the end of authentication these properties should be removed from
connectionInfo on both sides
Another point is how to model it:
- it would be great to define external users as temporary database users
- rights of external users to object database managed trough roles
- mapping between external users and database roles performed during
authentication
What do you think?
I'm creating a prototype (project mysinmyc/h2database) to preview the
feature; obviosly i've to perform some tests to make it stable
There is a running server sample org.h2.samples.MockAuthenticator that
accept any user (password=username)
Il giorno sabato 12 maggio 2018 06:52:24 UTC+2, AleVen ha scritto:
>
> Hi,
>
> To expose directly H2 databases to end users it would be great support for
> external authentication providers (like ldap,...) .
>
>
> Many thanks
>
>
>
--
You received this message because you are subscribed to the Google Groups "H2
Database" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to h2-database+unsubscr...@googlegroups.com.
To post to this group, send email to h2-database@googlegroups.com.
Visit this group at https://groups.google.com/group/h2-database.
For more options, visit https://groups.google.com/d/optout.
