[LON-CAPA-dev] Shibbolith

Guy Albertelli II lon-capa-dev@mail.lon-capa.org
Thu, 17 Nov 2005 15:09:09 -0500 (EST)

Hi Mark,

> As our recent kerberos issues get resolved (it was actually a DNS 
> problem), I've been told that the system people would really prefer that 
> we use Shibbolith (sp?), which has been adopted by a number of 
> universities in our state, for authentication.
> (1) Any thoughts on the matter?

Our university has thretened use with the same idea. :-)

> (2) Presumably, this can be done with local authentication.

I sure hope so since you can basically do whatever you want in there.

> (3) This might also be implemented as a larger scale solution (more like 
> kerberos) if it is thought to be a global enough system.

Possibly, although I really am liking the 'local authentication'
mechanism alot.

I am leaning towards shiping a more comprehensive localauth.pm module
that has a bunch of common mechanisms in it. And then one can pick
which mechanism gets used through the use of the 'argument' to the

For example:

a user with 

local:shibbolith -> would use localauth and tell it to use 
                    the shibbolith mechanism
local:krb6:msu_edu -> would use the kerberos 6 mechanism 

etc for ldap ...

guy@albertelli.com   0-7-2-0-27,137