I want to start a bit of discussion on the auth system in Moin at the moment.
It has a few problems as far as I'm concerned (which I have patches to deal with), but I think the issue is a bit wider than that.
Problems
- moin_cookie is used for both session and authentication. This leads to problems when all you want is authentication -- e.g. when using LDAP to authenticate.
- LDAP stores the password used in the user prefs so that moin_cookie can succeed! This is unacceptable from a security POV - no passwords, password-equivalent data, nor password hashes should be stored on the Moin server when using some kind of external authentication. LDAP is also too tightly coupled to moin_cookie -- it doesn't even return a valid user object!
- Much of the structure surrounding auth is designed with moin_cookie in mind. Password changing is assumed to be possible in places, messages returned on auth failure assume it's a bad password etc.
- There's no concept of authentication vs. authorization. Just because a user can authenticate e.g. using LDAP does not mean that they should have access to a particular wiki. It's easy enough to use another auth module to provide authorization, but because there is no concept of the difference, the message returned to the user on failure indicates that authentication failed ("Wrong Password").
Solutions
I use the attached patch bundles. These provide a distinct moin_session cookie mechanism and use LDAP "properly" (i.e. don't store the password, and don't assume moin_cookie will follow).
It's an improvement, but it's not by any means a complete solution (doesn't even contemplate the "Wrong Password" message problem, for example).
Thoughts?
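An added example, not taken from the attached patch bundles or from Moin's own code, sketching the split the post argues for: the external directory (LDAP in the thread) is the only place the password is checked, the session cookie is a random server-side token that carries no password or password-equivalent, and authorization is a separate step with its own failure message. EXTERNAL_DIRECTORY, WIKI_MEMBERS, SessionStore and login are constructed stand-ins, not Moin APIs.

```python
import hmac
import secrets
import time

# Constructed stand-in for the external directory: credentials live only here,
# never in the wiki's user prefs.
EXTERNAL_DIRECTORY = {"alice": "correct horse", "bob": "hunter2"}
# Constructed authorization data: which authenticated principals may use this wiki.
WIKI_MEMBERS = {"alice"}


def external_authenticate(username, password):
    """Stand-in for an LDAP bind: True only if the directory accepts the credentials."""
    stored = EXTERNAL_DIRECTORY.get(username)
    return stored is not None and hmac.compare_digest(stored.encode(), password.encode())


class SessionStore:
    """Server-side session table keyed by a random token; holds no password or hash."""

    def __init__(self, ttl=3600):
        self._sessions = {}  # token -> (username, expiry timestamp)
        self.ttl = ttl

    def create(self, username, now=None):
        token = secrets.token_urlsafe(32)  # unguessable; unrelated to the password
        self._sessions[token] = (username, (now or time.time()) + self.ttl)
        return token

    def lookup(self, token, now=None):
        entry = self._sessions.get(token)
        if entry is None:
            return None
        username, expires = entry
        if (now or time.time()) > expires:
            del self._sessions[token]  # expired sessions are dropped on first use
            return None
        return username


def login(store, username, password, now=None):
    """Authentication and authorization as distinct steps with distinct outcomes."""
    if not external_authenticate(username, password):
        return None, "authentication failed"
    if username not in WIKI_MEMBERS:
        return None, "not authorized for this wiki"
    return store.create(username, now), "ok"


def user_from_cookie(store, cookie_value, now=None):
    """Resolve the moin_session-style cookie back to a user without re-checking a password."""
    return store.lookup(cookie_value, now)
```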
- I finally managed to get the stuff imported and merged into a private 1.6 branch. I'll have a look at it later today.
You use 1.5.3 for development? I moved auth.py to auth/__init__.py in 1.6, btw. -- ThomasWaldmann 2006-06-08 08:43:50
No, I've moved to 1.6... hadn't noticed auth.py moving. Was that a recent thing?
-- NickPhillips