Forum OpenACS Development: auth-imap; and external authentication specification question

Collapse
1: auth-imap; and external authentication specification question
Posted by Georg Lehner on 01/22/04 09:57 PM
I am working on an external authentication driver modules which uses an IMAP conection to authenticate a user.

This would allow to authenticate users to yet existing user bases in a very simple way.

One thing I am not sure about is, how (and if) non-implemented function have to be ... implemented:

Example:
----
RetrievePassword
Input:
    username
    parameters (array-list of key/value pairs)
Output:
    successful_p: boolean
    password (or blank, if the server sends the user its new password
        directly)
    message: To be relayed to the user
----
If "CanRetrievePassword" returns 'f' all the time, has a service contract for this function to be registered?  And if, what should it return?

This module is inspired by the way how TMDA manages authentication sources.  They can do it with POP3 too, but I have not found a POP3 module for Aolserver.

Collapse
2: Re: auth-imap; and external authentication specification question (response to 1)
Posted by Patrick Giagnocavo on 01/23/04 01:29 AM
Hi Georg,

That is a great idea, to use IMAP and POP3.

I have played around with the POP3 code in the tcllib repository, found at http://tcllib.sf.net/ .  I think if you can get around the "package require" parts (or if you are using AOLserver v4.x) that might work well for you.

Collapse
4: POP3 authentication. Re: auth-imap; and external authentication specification question (response to 2)
Posted by Georg Lehner on 01/23/04 07:14 PM
Thanks for the link.

As soon as I manage to get time I will implement also auth-pop3.

Collapse
3: Re: auth-imap; and external authentication specification question (response to 1)
Posted by Lars Pind on 01/23/04 12:00 PM
Yes, you do need to write the proc still, but you can just say:

return { password_status not_supported }

It should never get called, anyway, but that's the polite thing to do, in case someone chooses to write new code that invokes the service contract directly.

See the auth-ldap package for an example.

(I just changed the body of RetrievePassword from being empty to returning not_supported.)

/Lars