Use PAM module system [feature request] #1557

Closed
opened 2026-02-05 01:13:18 +03:00 by OVERLORD · 6 comments

Originally created by @kanlas-net on GitHub (Feb 26, 2020).

Idea:
I think it would be fine to use PAM as a third-party authentication application.

Benefits
RADIUS, LDAP and many other third-party auth systems can be used without implementing them in BookStack; the OS deals with them by itself with the appropriate PAM module.

OVERLORD added the 🌔 Out of scope🚪 Authentication labels 2026-02-05 01:13:18 +03:00

@ssddanbrown commented on GitHub (Mar 4, 2020):

Thank you for the suggestion @kanlas-net. Unfortunately I would look to not include this feature for the following reasons:

  • I'd like to not extend out our authentication options any further unless there's high value to our users since the current systems already consume a lot of time.
  • Implementing this would not replace the existing auth systems, due to current supported options and supported operating systems, hence it will add to the current maintenance effort of our auth systems.
  • I'd prefer not to implement OS-specific features where possible.
  • Support for PAM with the PHP space looks to have dropped off meaning a lot of effort would be required to get this working, or at least concern for possible security issues in existing implementation options.

Therefore I'm going to close this off as out-of-scope.


@interduo commented on GitHub (Jun 21, 2023):

Currently I use gdocs. I think about migrating to bookstack because of user management. Bookstack is created not as a system for one person but for group work - so the login process/user management should be considered a priority.

Check again that situation. Now - it's very easy to implement.

Example of authentication module - ready to use code - few lines only:
https://github.com/rohanbbb/php-radius-user-login/blob/master/userAuthenticate.php

"Implementing this would not replace the existing auth systems" - radius is supplement not necessity.

Radius is not OS-specific. (There are radius servers for Windows/FreeBSD)
As I remember correctly You don't need to use PAM module - for sure not at bookstack app side.


@ssddanbrown commented on GitHub (Jun 21, 2023):

@interduo My thoughts remain the same as three years ago, in that I would not look to expand our scope of support to additional authentication systems without significant value, and I don't see Radius as meeting that threshold since there's been little desire.

If handy with PHP, you may be able to hack on something basic using our [logical theme system](https://github.com/BookStackApp/BookStack/blob/development/dev/docs/logical-theme-system.md).

@interduo commented on GitHub (Jun 21, 2023):

> My thoughts remain the same as three years ago, in that I would not look to expand our scope of support to additional authentication systems without significant value, and I don't see Radius as meeting that threshold since there's been little desire.

The client is outside bookstack, loaded by composer - client is supported by other maintainers in other repository. On bookstack there would be only one line in composer.json and few lines in login code which would not change probably during next many years. What kind of support You got on mind?

How do You measure that little desire? Centralized user management is everyday case that need to be discussed, when software is implemented in institutions/company. What scope of auth types are supported by bookstack now? Radius is just most popular in linux.

> If handy with PHP, you may be able to hack on something basic using our [logical theme system](https://github.com/BookStackApp/BookStack/blob/development/dev/docs/logical-theme-system.md).

Thanks for info - I will check that.

@ssddanbrown commented on GitHub (Jun 22, 2023):

> On bookstack there would be only one line in composer.json and few lines in login code which would not change probably during next many years.

Initial MVP implementation is rarely ever my concern for adding features. It's everything else.

> What kind of support You got on mind?

I'd need to get familiar with these technologies, I'd need to have testing environments for this, we'd need to mock the core functions for testing, we'd have to update and re-test on changes, we'd have to document the usage of this; then, most significantly, we'd have to support user queries and requests. We'd have to debug when a user reports an issue, we'd have to re-test things when necessary. From experience, even when implementing fairly strong standards, variance and edge-cases always pop up and bring their complexities.

> How do You measure that little desire?

By your request being just the first for this, that I can remember, over the last 8 years. (The original issue opened here requests implementing PAM as a potential means for RADIUS, not for RADIUS itself).

> Centralized user management is everyday case that need to be discussed, when software is implemented in institutions/company. What scope of auth types are supported by bookstack now?

We already support email+password/LDAP/SAML2/OIDC, in addition to secondary auth via some specific OAuth services.

@interduo commented on GitHub (Jun 22, 2023):

> The original issue opened here requests implementing PAM as a potential means for RADIUS, not for RADIUS itself

I didn't want to open a new, similar issue for that. Grouping information in fewer issues has long-term benefits.

If You start considering radius as a big need and decide to implement it - feel free to contact me for comprehensive testing. For now I will just use email+pass auth.

Thank You for Your time.
Reference: starred/BookStack#1557