Authentication: Difference between revisions
Ken Wilson (talk | contribs) |
Helen Foster (talk | contribs) (1.8 link update) |
||
Line 1: | Line 1: | ||
There are various ways of managing user '''authentication''': | There are various ways of managing user '''authentication''': | ||
*[[Manual accounts]] | |||
*[[No login]] | |||
*[[Email-based authentication|Email-based self-registration]] | |||
*[[CAS server (SSO)]] | |||
*[[External database]] | |||
*[[FirstClass authentication|FirstClass server]] | |||
*[[IMAP authentication|IMAP server]] | |||
*[[LDAP authentication|LDAP server]] | |||
*[[Moodle Network authentication]] | |||
*[[NNTP authentication|NNTP server]] | |||
*[[No authentication]] | |||
*[[PAM (Pluggable Authentication Modules)]] | |||
*[[POP3 server]] | |||
*[[RADIUS authentication|RADIUS server]] | |||
*[[Shibboleth]] | |||
*[[NTLM authentication|NTLM/Integrated Authentication (3rd party plugin)]] | |||
==Locking | ==Locking profile fields== | ||
To prevent users from altering some fields (e.g. students changing profile information to inappropriate or misleading information, the site administrator can lock profile fields. | To prevent users from altering some fields (e.g. students changing profile information to inappropriate or misleading information, the site administrator can lock profile fields. | ||
Line 21: | Line 28: | ||
If you are using a mixture of authentication types (such as IMAP and manual), then the fields you lock in the authentication options will only apply to the type of authentication indicated by the drop down box at the top of the screen. Remember to test the field locking by logging in with the proper type of account! If you test with a manual account but have set the field locking to apply to IMAP accounts, you will not be able to tell if it worked! | If you are using a mixture of authentication types (such as IMAP and manual), then the fields you lock in the authentication options will only apply to the type of authentication indicated by the drop down box at the top of the screen. Remember to test the field locking by logging in with the proper type of account! If you test with a manual account but have set the field locking to apply to IMAP accounts, you will not be able to tell if it worked! | ||
==See also== | ==See also== | ||
Line 30: | Line 33: | ||
*[http://moodle.org/mod/forum/view.php?id=42 Using Moodle: User authentication] forum | *[http://moodle.org/mod/forum/view.php?id=42 Using Moodle: User authentication] forum | ||
[[Category:Authentication]] | |||
[[Category:Authentication | |||
[[fr:Authentification]] | [[fr:Authentification]] |
Revision as of 19:51, 16 April 2007
There are various ways of managing user authentication:
- Manual accounts
- No login
- Email-based self-registration
- CAS server (SSO)
- External database
- FirstClass server
- IMAP server
- LDAP server
- Moodle Network authentication
- NNTP server
- No authentication
- PAM (Pluggable Authentication Modules)
- POP3 server
- RADIUS server
- Shibboleth
- NTLM/Integrated Authentication (3rd party plugin)
Locking profile fields
To prevent users from altering some fields (e.g. students changing profile information to inappropriate or misleading information, the site administrator can lock profile fields.
- These fields are optional. You can choose to pre-fill some Moodle user fields with information from the LDAP fields that you specify here. If you leave these fields blank, then nothing will be transferred from LDAP and Moodle defaults will be used instead. In either case, the user will be able to edit all of these fields after they log in.
- Update local: If enabled, the field will be updated (from external auth) every time the user logs in or there is a user synchronization. Fields set to update locally should be locked.
- Lock value: If enabled, will prevent Moodle users and admins from editing the field directly. Use this option if you are maintaining this data in the external auth system.
- Update external: If enabled, the external auth will be updated when the user record is updated. Fields should be unlocked to allow edits. Note: Updating external LDAP data requires that you set binddn and bindpw to a bind-user with editing privileges to all the user records. It currently does not preserve multi-valued attributes, and will remove extra values on update.
If you are using a mixture of authentication types (such as IMAP and manual), then the fields you lock in the authentication options will only apply to the type of authentication indicated by the drop down box at the top of the screen. Remember to test the field locking by logging in with the proper type of account! If you test with a manual account but have set the field locking to apply to IMAP accounts, you will not be able to tell if it worked!