  1. #1

    localzuk

    What form of auth?

    I'm developing a website at the moment and am thinking about the best way for future users to populate the system with their own users. As it stands I have the following options:

    1. Use the old-fashioned method of importing CSV or XML files, combined with manual additions.
    2. Have a mini application which periodically uploads data to the site, which is installed on a machine in the user's network.
    3. Implement Shibboleth, with an embedded discovery service
    4. Use Radius, with Pear::Auth_RADIUS - meaning users can install a radius server on their network, and hook it up to whatever auth system they have in place, and expose that to my site for auth.
    5. Use OpenZIS and SIF to import data from networks.

    Now, each one has pros/cons, some are easier to implement than others and I suppose I could give users the option between different methods.

    I am also thinking that I may want to combine 2 methods - such as using Shibboleth for auth SSO and SIF or a custom app for population of extra data (pupil year, class membership etc...).

    However, what do people here think?
    Last edited by localzuk; 26th June 2011 at 12:02 AM.

  2. #2

    nephilim
    Radius would be better so users could use their own ADUC/LDAP, but that's just me

  3. #3

    localzuk
    I've been having a look at RADIUS and whilst it can handle the whole authentication aspect (i.e. is the user logging in valid etc...), it can't handle anything more than that, in terms of group membership, without trying to shoe-horn it into doing something it shouldn't. Also, RADIUS uses MD5 hashing as its method of securing data - which is inherently insecure.

    I'm thinking Shibboleth will be the same in terms of user auth (but not security), so it looks to me like I am going to need 2 systems -

    1. To handle auth itself
    2. To handle extra data, such as groups.

    Problem I can see is that as it stands, there would be no link between users in method 1 and method 2.

    How can I achieve this sensibly? A custom app? Getting the users to update the AD with an ID which links the MIS data to the AD itself? Kinda drawing a blank here!

  4. #4

    webman
    Can you not just look up users in Active Directory? adLDAP is a good library for authenticating and getting group membership information.

  5. #5

    I second AD as an option. It's what I use to auth our intranet/rewards/homework site. Additionally it runs an import for data from sims.

    Matt

  6. #6

    localzuk
    Originally posted by webman:
        Can you not just look up users in Active Directory? adLDAP is a good library for authenticating and getting group membership information.

    Would that not mean people having to expose their AD to the internet? Which is generally seen as a Bad Idea (TM)?

    This isn't for a single school - this will be for multiple schools, all with their own users, but with the website being centrally hosted.

  7. #7

    webman
    Oh right, I thought it was a locally-installable thing. So obviously no, adLDAP isn't going to be of any use at all
