Proposing a couple of alterations to Auth

Erik Stambaugh erik at
Tue Apr 20 16:46:20 UTC 2004

(Incidentally, my apologies go out to anyone to whom I subjected
incoherent ramblings about Auth on #mozwebtools)

I'm working on a new module for Bugzilla::Auth, and I've come across a
couple of changes that Auth could probably use, so I want to see what
everyone (cough-bbaetz-cough) has to say before I write any patches
or file any bugs.

The first thing I propose is breaking up the Auth directory by
function.  CGI and Cookie handle the way the password is provided to
Bugzilla, while DB and LDAP manage verification or authentication
styles.  I'd like to divide these up into subdirectories (perhaps
'Login' and 'Verify'?).

Once they are divided up, for my purposes, and probably for other
people writing Auth modules, I'd like to create a new param that
covers the method by which login and password information are
provided, rather than authenticated.  Something to sit alongside
'loginmethod'.  This is mentioned as a future change in the comments

The trouble, now, is that the name 'loginmethod' seems too ambiguous.
In fact, the first time I saw the param, I thought it referred to the
method by which a user's information is provided to Bugzilla, when in
fact it seems to cover the method of authenticating that information.
I would like to change 'loginmethod' to something closer to its actual
function.  I also originally wanted 'loginmethod' to refer to the new
param that provides actual login information, but I'm backing away
from using that because of the confusion it might cause with anyone
used to the old name.

Possibly 'user_info_method' and 'user_verify_method'.  There are
probably better things to call them.  Someone please suggest

The final thing I'd like to alter (well, not *final* final, but final
enough for this RFC) is to make both of the above params into ordered
lists (a picklist that allows you to move the priority or execution
order of each item up and down), allowing administrators to select a
particular order in which multiple authentication or login methods can
be used.  This is particularly useful for my own purposes, and I think
would be helpful for anyone using alternative methods of

Unfortunately, there isn't really such a thing as an ordered list in
the params, but after talking with justdave about this, I believe it
can easily be done if the current work being done on bug 46296 makes
it into CVS.  ( )

Also, Dave proposed having the possible values for these params
actually determined by getting a listing of the contents of their
respective module directories.  I like that.


Erik Stambaugh - erik at -

More information about the developers mailing list