Re: [Ledger-smb-devel] Re-authentication proposal for LedgerSMB 1.3 (HTTP Auth)

2007-10-04 Thread Chris Travers
On 10/4/07, Toni Mueller <[EMAIL PROTECTED]> wrote: > > > Has PostgreSQL some sort of a 'sudo' feature? That could solve the > problem along the lines of "does this username/password pair > authenticate? if yes, execute the following query under the rights of > the associated role". It depends on

Re: [Ledger-smb-devel] Re-authentication proposal for LedgerSMB 1.3 (HTTP Auth)

2007-10-04 Thread Toni Mueller
Hi Josh, On Thu, 04.10.2007 at 11:03:24 -0700, Josh Berkus <[EMAIL PROTECTED]> wrote: > Toni, > > You have a username/password combination set for the application that > > the application uses to request eg. authentication data from the > > database. Alternatively, you leap and implement OpenID,

Re: [Ledger-smb-devel] Re-authentication proposal for LedgerSMB 1.3 (HTTP Auth)

2007-10-04 Thread Chris Travers
On 10/4/07, Toni Mueller <[EMAIL PROTECTED]> wrote: > > > I strongly suggest using the following authentication scheme, after > having battled non-cooperation between several authentication methods > for a while in a different context: > > You have a username/password combination set for the applic

Re: [Ledger-smb-devel] Re-authentication proposal for LedgerSMB 1.3 (HTTP Auth)

2007-10-04 Thread Chris Travers
On 10/3/07, John Hasler <[EMAIL PROTECTED]> wrote: > > Chris Travers writes: > > But consider Ubuntu. Do you *really* want us writing global options to > > your Apache configuration file, possibly ovewriting SSL options, etc? > > On Debian and therefor probably on Ubuntu you just drop a file in th

Re: [Ledger-smb-devel] Re-authentication proposal for LedgerSMB 1.3 (HTTP Auth)

2007-10-04 Thread Josh Berkus
Toni, > You have a username/password combination set for the application that > the application uses to request eg. authentication data from the > database. Alternatively, you leap and implement OpenID, which "solves" > all other problems for you. This sort of a scheme works with application user

Re: [Ledger-smb-devel] Re-authentication proposal for LedgerSMB 1.3 (HTTP Auth)

2007-10-04 Thread Toni Mueller
Hi, On Mon, 01.10.2007 at 17:29:36 -0700, Chris Travers <[EMAIL PROTECTED]> wrote: > On 10/1/07, Joshua D. Drake <[EMAIL PROTECTED]> wrote: > > Chris Travers wrote: > > > On 10/1/07, Joshua D. Drake <[EMAIL PROTECTED]> wrote: > > >> passwords will not be stored as plain text... they will be an e

Re: [Ledger-smb-devel] Re-authentication proposal for LedgerSMB 1.3 (HTTP Auth)

2007-10-04 Thread John Hasler
Chris Travers writes: > But consider Ubuntu. Do you *really* want us writing global options to > your Apache configuration file, possibly ovewriting SSL options, etc? On Debian and therefor probably on Ubuntu you just drop a file in the directory /etc/apache/conf.d. > I think the case can be mad