Comment 2 for bug 1546769
Revision history for this message
| Aaron Wells (u-aaronw) wrote Re: The 'None' auth needs to be locked down more to avoid troubles with multi institutions | #2 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
1b1ed1a
(Get the code!)
Here's a brief discussion of why we decided to get rid of the "None" plugin. The "None" plugin is a kind of null auth plugin. When you type in a username, and any password, the "None" plugin will say that you have successfully authenticated that username. If you set it to auto-create users, it will the auto-provision a user with that username and the last name "McAuthentication".
The code and documentation indicate that this plugin is "meant only for testing". However, in the years we've worked on Mahara, we've never actually used it for testing. Instead, we tend to use the "Internal" auth method for most testing users. Potentially the plugin could be useful for testing code that relates to the auto-provisioning of users. But that would only be useful for Mahara developers, *not* for actual production sites using Mahara. As such, that makes this plugin at best a development tool, and potentially harmful development tools shouldn't be left hanging around in the final distribution for end-users to stumble across.