I have not played too much with remote authentication, so please forgive me if the following features are already implemented:

- encryption. Is the data that is exchanged between sites encrypted in some way? Would be nice to do this.

- user fields. If a user tries to authenticate at a site that requires users to fill out some form entry (site policy, real name,etc), which his original site does not have, he should be prompted to provide this info.

- accepted sites. The admin of a site should be able to specify which other sites are allowed to authenticate at his site.

Comments

moshe weitzman’s picture

moshe weitzman commented
Priority: Major » Normal

1. it is if the authentication module wishes it to be. in the case of the existing auth modules, they are not with the exception of the ldap module which can be encrypted if so configured by the admin. also, i think Yahoo.module uses https.

2. not yet supprted, but a reasonable proposal.

3. currently available using the 'access rules' link in admin -> user mgmt. you have to mask in or mask out the domains that you care about

alexandreracine’s picture

alexandreracine commented
Version: x.y.z » 4.5.0
Status: Active » Closed (fixed)

There is currently a lot of authentication modules.

CAS - http://drupal.org/project/cas
HTTP - http://drupal.org/project/httpauth
IMAP - http://drupal.org/node/57296
LDAP - http://drupal.org/project/ldap_integration
Pubcookie - http://drupal.org/project/pubcookie
Yahoo! - http://drupal.org/project/yahoo_bbauth

And more! http://drupal.org/project/Modules