All page names need to be in English.
en da  de  fr  it  ja  km  nl  ru  zh

TYPO3 Neos Authentication System

From TYPO3Wiki
Jump to: navigation, search
This page belongs to the TYPO3 Neos-Development (category Neos development team)

Core-5.0 Authentication Subsystem

Summarizing the knowledge of existing authentication systems, researching (dis)/advantages and get an overview how to build a powerful authentication system that is powerful enough to use several of these backends.

Existing Authentication Systems

  • Pluggable Authentication Modules (Linux/Solaris)
  • OpenID
  • Radius (AAA System)
  • Windows Authentication Service
  • Public Key Authentication (Cert based SSO) with information base in the backend
  • Kerberos
  • Integrate Apache2 authentication mechanisms (would enable different mechanisms like sasl,pam,kerberos,ldap... and admins could simply define appropriate .htaccess files)


  • LDAP
  • Radiaus (not really supportable)
  • SQL
  • OpenID!
  • Kerberos

Hashing algorithms and the security level

Pluggable Authentication Modules

The "Pluggable Authentication Modules" (short PAM) is a very flexible and stackable authentication/... system and the industry standard of Linux and Solaris. To get a fast overview refer the presentation sheet of SUN PAM Presentation Sheet

Requirements for the Core-5.0 AAA System

  • Split Authentication/Authorization/Accounting
  • Use content repository / and any other backend driver (apache authentication/system authentication)

Phase 1

  • Using LDAP inetorgperson as basic reference for user informations and MD5 as hashing algorithm?

Phase 2

  • Splitting Authentication/Authorization/Accounting and implementing the "PAM core"?

Phase 3

  • Researching the API requirements to lay on top of content repository with one leg, on other systems with the other leg?