Hi List! I forward a message received a few days ago from Rod Whitby <Rod.Whitby at motorola.com>. My reply to this suggestion is : authentication with en empty password is IMHO way too much specific to your case, Rod, to be taken into account for the official version. But it's just my 2 cents... Loïc ---- Fwd ------------------- Subject: Potential patch for phpMyAdmin auth From: Rod Whitby <Rod.Whitby@motorola.com> Message-Id: <E1636QK-0007IT-00@usw-sf-web2.sourceforge.net> Sender: nobody <nobody@sourceforge.net> Date: Sun, 11 Nov 2001 18:02:08 -0800 I saw from the patch tracker that you are rewriting the phpMyAdmin authentication routines. I have a need for a particular type of authentication, and wanted to check whether you were considering supporting that style of authentication before I went to the trouble of submitting my patch. The style is that everyone is authenticated against the HTTP server (via LDAP or some other non-MySQL means, for example), and then I have entries in the user database for people but have no password. The machine on which the web server runs has restricted logins so I know that if someone was able to log into the web server, then I can allow them to log into MySQL server without a password (I still put in a user entry for them, so I can restrict which databases they have priviledges for). So basically, I need a scheme where PHP_AUTH_USER and PHP_AUTH_PW will be set to real values, but I only want to use PHP_AUTH_USER and I want to ignore PHP_AUTH_PW. At the moment I have a patch which does the following: If the connect with PHP_AUTH_USER and PHP_AUTH_PW fails, then try again with PHP_AUTH_USER and no password. Is this something you are considering ? Would what you are considering meet my needs some other way ? Should I just add another server config variable which says to retry with no password on failure ? I'd really like to get something into the standard distribution so that I don't have to patch each new version of phpMyAdmin myself locally. Thanks, Rod Whitby -------------------------------------- ______________________________________________________________________________ ifrance.com, l'email gratuit le plus complet de l'Internet ! vos emails depuis un navigateur, en POP3, sur Minitel, sur le WAP... http://www.ifrance.com/_reloc/email.emailif