Modify

Opened 8 years ago

Last modified 4 years ago

#1061 new enhancement

Extend AccountManager to allow non-password-based authentication methods

Reported by: dottedmag Owned by: hasienda
Priority: normal Component: AccountManagerPlugin
Severity: normal Keywords: needinfo authentication password-less
Cc: sascha_silbe, thijs Trac Release: 0.11

Description

Extracted from #173.

AccountManagerPlugin currently supports only username/password password authentication. There are other means of authentication (say, OpenID, and OpenIdPlugin is incompatible with AccountManagerPlugin right now), and AccountManagerPlugin may be extended to integrate all such functionality, refactoring "username"-"password" relation to the generic "username"-"set of credentials".

Attachments (0)

Change History (6)

comment:1 follow-up: Changed 6 years ago by sascha_silbe

  • Cc sascha_silbe added; anonymous removed

Automatic authentication via raw SSL keys (from SSL client certificate - no verification of the certificate records, just match the key to an account) would be wonderful. While that's feature request on its own, it should be probably be considered while refactoring AccountManagerPlugin.

comment:2 Changed 5 years ago by thijs

  • Cc thijs added

This would be a great idea but it probably needs multiple tickets, or this ticket should be used as a master ticket. Facebook Connect support would be nice as well.

comment:3 Changed 4 years ago by hasienda

  • Keywords needinfo authentication password-less added
  • Owner changed from mgood to hasienda

Any news? More detailed ideas and patches welcome.

comment:4 Changed 4 years ago by hasienda

The idea of this ticket has been supported in #173 before.

comment:5 Changed 4 years ago by hasienda

Just a pointer to have a closer look at a candidate for integration:

https://github.com/openid/python-openid/blob/master/openid/consumer/consumer.py

comment:6 in reply to: ↑ 1 Changed 4 years ago by hasienda

Replying to sascha_silbe:

Automatic authentication via raw SSL keys (from SSL client certificate - no verification of the certificate records, just match the key to an account) would be wonderful.

I haven't got a clear idea on the use case. Would you dare to explain a bit more, how you think SSL/TLS auth should be accomplished? How would you do that from your browser?

A good resource to start further discussions could be Heikki Toivonen's Blog on SSL in Python. He is the current maintainer of M2Crypto, an alternative SSL module for Python. As we still consider support for Python2.4 to be important and first SSL module appears in Python2.6, we'll definitely end up with an additional dependency. M2Crypto seems like the best candidate so far.

Add Comment

Modify Ticket

Action
as new The owner will remain hasienda.
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.