Hi List!
I forward a message received a few days ago from Rod Whitby <Rod.Whitby at motorola.com>.
My reply to this suggestion is : authentication with en empty password is IMHO way too much specific to your case, Rod, to be taken into account for the official version. But it's just my 2 cents...
Loïc
---- Fwd ------------------- Subject: Potential patch for phpMyAdmin auth From: Rod Whitby Rod.Whitby@motorola.com Message-Id: E1636QK-0007IT-00@usw-sf-web2.sourceforge.net Sender: nobody nobody@sourceforge.net Date: Sun, 11 Nov 2001 18:02:08 -0800
I saw from the patch tracker that you are rewriting the phpMyAdmin authentication routines.
I have a need for a particular type of authentication, and wanted to check whether you were considering supporting that style of authentication before I went to the trouble of submitting my patch.
The style is that everyone is authenticated against the HTTP server (via LDAP or some other non-MySQL means, for example), and then I have entries in the user database for people but have no password. The machine on which the web server runs has restricted logins so I know that if someone was able to log into the web server, then I can allow them to log into MySQL server without a password (I still put in a user entry for them, so I can restrict which databases they have priviledges for).
So basically, I need a scheme where PHP_AUTH_USER and PHP_AUTH_PW will be set to real values, but I only want to use PHP_AUTH_USER and I want to ignore PHP_AUTH_PW.
At the moment I have a patch which does the following: If the connect with PHP_AUTH_USER and PHP_AUTH_PW fails, then try again with PHP_AUTH_USER and no password.
Is this something you are considering ?
Would what you are considering meet my needs some other way ?
Should I just add another server config variable which says to retry with no password on failure ?
I'd really like to get something into the standard distribution so that I don't have to patch each new version of phpMyAdmin myself locally.
Thanks, Rod Whitby --------------------------------------
______________________________________________________________________________ ifrance.com, l'email gratuit le plus complet de l'Internet ! vos emails depuis un navigateur, en POP3, sur Minitel, sur le WAP... http://www.ifrance.com/_reloc/email.emailif