On a related note (to manageability of users), I’d be interested in
some sort of external authentication API (to allow authentication
separate from username/passwords in the rt database).
I’ll ponder this. Do people who want an external authentication mechanism
want it in addition to rt internal authentication or instead of it?
Additionally, will all users use the external mechanism or only
Would be very very useful. Given that the vast majority of deployments
for this would probably be in an environment with some sort of existing
authentication environment …
Personally, I’d use it instead of the internal authentication, but I
could see an “or” facility being useful (do a local database lookup
if external auth fails).
Something abstract like PAM would be cool, as that opens up a large
number of possibilities (I think it supports NIS, and certainly
passwd, shadow and database auth).
Of course, SSL support becomes pretty vital then … the whole thing
is wide open to snooping otherwise, which is an advantage of the
existing system; it allows users to have an insecure web authentication
without compromising their actual system passwords. (con: they keep
on forgetting one of them).