|Version 3 (modified by dez, 7 years ago) (diff)|
This could hook into either LDAP or PAM to use system credentials. If we do this, requiring https for login would be essential.
Where should lists of who can do what be stored? LDAP? http://uk2.php.net/manual/en/function.ldap-bind.php
It might be nice to allow presentation of credentials through HTTP basic auth. This would allow creation of limited-access RSS feeds for example. Pear has Auth_HTTP for this.
Things that need protecting, and the levels of access which might be required: