Details
Description
Hi,
A minor change in the PM class ServicesHandler in the method validateSuppliedPassword(...) would allow administrators to set up PM to generally validate users with NTLM (via pm_hive_params settings) and a few users to validate with database password (via pm_user_params).
The few users would likely be any special i2b2 accounts that sites don't want to have to put into their LDAP/AD systems (like the obfuscated service account). This could benefit sites that have larger user bases.
This would reduce the amount of configuration some sites need to perform. This would make i2b2's authentication system symmetrical and not care whether the admin wants to default to database or NTLM and have a few users do the opposite.
The change in validateSuppliedPassword(...) would be in the NTLM branch to see if the user has pm_user_params and if so, to use them to authenticate rather than assuming NTLM as that branch currently does.
This suggestion comes out of the "Active Directory and i2b2 1.5" thread in the members.i2b2aug.org mailing list.
Thanks for listening.
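The lookup order proposed in the description, as an added example (not code from the i2b2 project or from the reporter): a per-user setting overrides the hive-wide default in either direction, and an unrecognised method fails closed. The parameter name `authentication_method`, the map-based model of pm_hive_params and pm_user_params, and the `Verifier` interface are assumptions made for illustration.

```java
import java.util.Locale;
import java.util.Map;

public class AuthMethodResolution {
    // Assumed parameter name; hive-wide and per-user parameter rows are modelled as maps.
    static final String METHOD_KEY = "authentication_method";

    /** Hypothetical stand-in for a real password check (database hash or NTLM). */
    interface Verifier { boolean check(String user, String password); }

    /** Per-user setting wins, then the hive-wide default, then "database". */
    static String resolveMethod(Map<String, String> hive, Map<String, String> user) {
        String m = user.get(METHOD_KEY);
        if (m == null || m.isBlank()) m = hive.get(METHOD_KEY);
        if (m == null || m.isBlank()) return "database";
        return m.trim().toLowerCase(Locale.ROOT);
    }

    static boolean validate(String userName, String password, Map<String, String> hive,
                            Map<String, String> user, Verifier database, Verifier ntlm) {
        switch (resolveMethod(hive, user)) {
            case "ntlm":     return ntlm.check(userName, password);
            case "database": return database.check(userName, password);
            default:         return false; // unrecognised method: fail closed
        }
    }

    public static void main(String[] args) {
        // Constructed sample data: one account known to each back end.
        Verifier database = (u, p) -> u.equals("svc_account") && p.equals("db-secret");
        Verifier ntlm = (u, p) -> u.equals("alice") && p.equals("ad-secret");
        Map<String, String> hiveNtlm = Map.of(METHOD_KEY, "NTLM");
        Map<String, String> userDb = Map.of(METHOD_KEY, "database");
        Map<String, String> none = Map.of();

        // NTLM by default, with one account pinned to its database password.
        System.out.println(validate("alice", "ad-secret", hiveNtlm, none, database, ntlm));
        System.out.println(validate("svc_account", "db-secret", hiveNtlm, userDb, database, ntlm));
        // The pinned account is never sent to NTLM, so a directory password is not accepted.
        System.out.println(validate("svc_account", "ad-secret", hiveNtlm, userDb, database, ntlm));
        // The opposite default: database hive-wide, one user pinned to NTLM.
        System.out.println(validate("alice", "ad-secret", none, Map.of(METHOD_KEY, "NTLM"), database, ntlm));
    }
}
```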