[Cubicweb] trustedauth: cannot get it to work

Aurélien Campéas aurelien.campeas at logilab.fr
Tue Nov 19 17:27:20 CET 2013


On 24/10/2013 14:58, Dimitri Papadopoulos Orfanos wrote:
> Hi Aurélien,
>
> It took me a month to eventually answer this mail... Sorry.
>
> Le 19/08/2013 14:19, Aurélien Campéas a écrit :
>>> I have created a custom application cube for our Brainomics/Imagen
>>> server. As far as I can tell this cube is making use of
>>> 'cubicweb-trustedauth':
>>>
>>> $ cat /usr/share/cubicweb/cubes/imagen/__pkginfo__.py
>>> [...]
>>> __depends__ =  {'cubicweb': '>= 3.16.1',
>>>                  'cubicweb-brainomics': None,
>>>                  'cubicweb-trustedauth': None,
>>> }
>>
>>
>> By design ? This is a bit weird imho since trustedauth should
>> typically be plugged/unplugged at will without package declaration
>> (although I believe cubicweb maybe doesn't help since (if ?) it
>> _requires_ an entry in __depends__ to make add_cube('trustedauth')
>> work).
>
> I'm not sure why I would want to unplug cubicweb-trustedauth from my
> application cube (this is the "imagen" application cube and not the
> "brainomics" reusable cube). Apache authentication is an integral part
> of how the application is supposed to work. Who and where exactly would
> run add_cube('trustedauth')?
>

You would want that for e.g. a dev setup where most people
typically won't bother having trustedauth locally.

Or you have a dual setup, e.g. Apache + mod_spnego + trustedauth
(for kerberos auth under windows)
AND Apache + another instance without trustedauth for not-in-the-AD logins.

Or ....

Whatever. Trustedauth is really an "authentication plugin" which is
orthogonal to what your app. does. The "openidrelay" plugin could also
be (un)plugged this way.

Who ?

The persons in charge of the deployment, aka "IT part".

When ... setting up an instance.





More information about the Cubicweb mailing list