Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: Request Tracker: Devel

Re: [rt-users] External Authentication and Users

  

 
Request Tracker devel RSS feed   Index | Next | Previous | View Threaded


charlieb at aurema

May 3, 2000, 4:19 PM

Post #1 of 5 (334 views)
Permalink
Re: [rt-users] External Authentication and Users
[Follow changed to rt-devel]

On Wed, 3 May 2000, Tobias Brox wrote:

> We have to figure out a general interface for fetching user information
> (as I see it, we will only need three things in RT; login/nick, real name
> and email(s)) and authenticating a user towards an external system. From
> that point somebody (you, for instance) might make an effort linking this
> towards Lotus Domino.

Something to keep in mind is that it will be difficult to have a
one-size-fits-all solution. The user community of RT sites is quite
varied. One thing that we need to think hard about is the primary index
into the "people" relation. At the moment it is "login". This works really
well for an Intranet site, but "email address" is more appropriate for,
say, a software support site. To my mind, "email address" is more general,
although you still have a problem with aliasing for people with more than
one email address. We could, of course, ignore that.

For an intranet site, using loginname and system password is ideal, but
won't do for other sites. Where there is a mix of local users and external
folk, using system passwords for internal folk, and some other
authentication data base for "others" would be ideal, I would think.

Charlie Brady
Aurema Pty Ltd
PO Box 305, Strawberry Hills, NSW 2012, Australia
Email:charlieb [at] aurema, Tel: +61 2 9698 2322, Fax: +61 2 9699 9174
"I think it would be a good idea." Gandhi, on Western Civilisation.


jesse at fsck

May 3, 2000, 5:01 PM

Post #2 of 5 (327 views)
Permalink
Re: Re: [rt-users] External Authentication and Users [In reply to]
*nod* RT2 actually creates "accounts" for every requestor of a ticket.
unix username is no longer the primary key. I'll likely make it configurable
per-user whether a given user uses internal auth or external auth. But I don't
really want to get into design debates about it until it's closer to
time to develop it ;)
jesse

On Thu, May 04, 2000 at 09:19:44AM +1000, Charlie Brady wrote:
>
> [Follow changed to rt-devel]
>
> On Wed, 3 May 2000, Tobias Brox wrote:
>
> > We have to figure out a general interface for fetching user information
> > (as I see it, we will only need three things in RT; login/nick, real name
> > and email(s)) and authenticating a user towards an external system. From
> > that point somebody (you, for instance) might make an effort linking this
> > towards Lotus Domino.
>
> Something to keep in mind is that it will be difficult to have a
> one-size-fits-all solution. The user community of RT sites is quite
> varied. One thing that we need to think hard about is the primary index
> into the "people" relation. At the moment it is "login". This works really
> well for an Intranet site, but "email address" is more appropriate for,
> say, a software support site. To my mind, "email address" is more general,
> although you still have a problem with aliasing for people with more than
> one email address. We could, of course, ignore that.
>
> For an intranet site, using loginname and system password is ideal, but
> won't do for other sites. Where there is a mix of local users and external
> folk, using system passwords for internal folk, and some other
> authentication data base for "others" would be ideal, I would think.
>
> Charlie Brady
> Aurema Pty Ltd
> PO Box 305, Strawberry Hills, NSW 2012, Australia
> Email:charlieb [at] aurema, Tel: +61 2 9698 2322, Fax: +61 2 9699 9174
> "I think it would be a good idea." Gandhi, on Western Civilisation.
>
>
>
> _______________________________________________
> Rt-devel mailing list
> Rt-devel [at] lists
> http://lists.fsck.com/mailman/listinfo/rt-devel
>

--
jesse reed vincent -- jrvincent [at] wesleyan -- jesse [at] fsck
pgp keyprint: 50 41 9C 03 D0 BC BC C8 2C B9 77 26 6F E1 EB 91
--------------------------------------------------------------
'"As the company that brought users the Internet, Netscape is now inviting
the more than 60 million people who have used our client software to
'tune up' and upgrade to Netscape Communicator," said Mike Homer,
senior vice president of marketing at Netscape.' Sometimes I wonder.


charlieb at aurema

May 3, 2000, 6:35 PM

Post #3 of 5 (332 views)
Permalink
Re: [rt-users] External Authentication and Users [In reply to]
[Followup moved to rt-devel]

On Wed, 3 May 2000, Rich Graves wrote:

> On Wed, 3 May 2000, R. Eriks Goodwin wrote:
>
> > Want to REALLY make my life wonderful? :-) How about integrating RT to
> > utilize Lotus Domino user lists and group lists? Maybe even a Domino
> > interface for the database in general? Any thoughts on this?
>
> Can Domino expose information via LDAP? I made some quick hacks to the
> adduser bits to autofill the full name and phone fields with Net::LDAP,
> maybe you can do something similar. This is far from real directory
> integration but it saved me a lot of typing.

I've always felt that the phone, location etc fields belonged in LDAP (or
some other directory service) and not in RT itself. So rather than
autofill from LDAP, I'd say just leave them out entirely from RT, or fetch
them directly from LDAP rather than RT's mySQL table when they are
needed.

[.Rich's LDAP patch can be found in the rt-user list archive.]

--

Charlie Brady
Aurema Pty Ltd
PO Box 305, Strawberry Hills, NSW 2012, Australia
Email:charlieb [at] aurema, Tel: +61 2 9698 2322, Fax: +61 2 9699 9174
"I think it would be a good idea." Gandhi, on Western Civilisation.


jesse at fsck

May 3, 2000, 9:05 PM

Post #4 of 5 (329 views)
Permalink
Re: Re: [rt-users] External Authentication and Users [In reply to]
One of the reasons that stuff is still in RT2 is that RT2 is designed to keep track of account info for users who may not have accounts in the local passwd file /ldap file /whatver. We do, however, add an "external id" perfect for doing LDAP lookups against.

On Thu, May 04, 2000 at 11:35:43AM +1000, Charlie Brady wrote:
> I've always felt that the phone, location etc fields belonged in LDAP (or
> some other directory service) and not in RT itself. So rather than
> autofill from LDAP, I'd say just leave them out entirely from RT, or fetch
> them directly from LDAP rather than RT's mySQL table when they are
> needed.

--
jesse reed vincent -- jrvincent [at] wesleyan -- jesse [at] fsck
pgp keyprint: 50 41 9C 03 D0 BC BC C8 2C B9 77 26 6F E1 EB 91
--------------------------------------------------------------
'"As the company that brought users the Internet, Netscape is now inviting
the more than 60 million people who have used our client software to
'tune up' and upgrade to Netscape Communicator," said Mike Homer,
senior vice president of marketing at Netscape.' Sometimes I wonder.


tobiasb at tobiasb

May 4, 2000, 1:21 AM

Post #5 of 5 (331 views)
Permalink
Re: Re: [rt-users] External Authentication and Users [In reply to]
> I've always felt that the phone, location etc fields belonged in LDAP (or
> some other directory service) and not in RT itself.

*nod*. The only information RT needs is a textual identificator
(login/nick), real name and the email - and I think it should fetch it
from an external source, and I think authentification should be done
externally. Anyway, I'd say we keep the current design until after 2.0.

--
Tobias Brox
aka TobiX
+47 22 925 871

Request Tracker devel RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.