[Systems] Account management.
sascha-ml-ui-sugar-systems at silbe.org
Wed Oct 14 04:30:43 EDT 2009
On Tue, Oct 13, 2009 at 04:19:10PM -0500, David Farning wrote:
> Are there particular sign on mechanisms that I should look into?
Please use something that does _not_ require the user to type in a
password every time a service is used. I currently have to do that for
Trac and it's _really_ annoying.
For ssh, public key authentication works great (and can optionally ask a
password locally if you want), so the SSO stuff only needs to
use/support it. This is the Gold Standard of authentication (at least
For HTTP, client certificates are a PITA, but I don't know of anything
else that solves the no-password problem. "Automatic" login (i.e.
recognizing the certificate without redirecting the user to a special
"log in" page that just sets some cookies) and identifying the user by
public key of the certificate (instead of relying on a CA to provide
unique values in some certificate fields) are very important for real
user-friendlyness, but unfortunately unsupported by the majority of web
services (provided they support certificate login at all - most don't).
Sorry for presenting requirements and problems instead of real
PS: If you do support authentication using passwords, please check for
quality passwords instead of periodically expiring them. The latter just
leads to the users choosing weak passwords because they can't remember
strong ones often/easily enough.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 489 bytes
Desc: Digital signature
Url : http://lists.sugarlabs.org/private/systems/attachments/20091014/0e11e6ee/attachment.pgp
More information about the Systems