Authentication: Difference between revisions

Latest revision as of 17:21, 12 November 2008

Location: Administration > Users > Authentication

User authentication is about enabling people to login to your Moodle site.

Authentication methods

Authentication methods (also known as authentication plugins) include:

Manual accounts - accounts created manually by an administrator
No login - suspend particular user account
Email-based self-registration - for enabling users to create their own accounts
CAS server (SSO) - account details are located on an external CAS server
External database - account details are located on an external database
FirstClass server - account details are located on an external FirstClass server
IMAP server - account details are located on an external IMAP server
LDAP server - account details are located on an external LDAP server
Moodle Network authentication - how different Moodle sites can connect and authenticate users
NNTP server - account details are located on an external NTTP server
No authentication - for testing purposes only
PAM (Pluggable Authentication Modules) - account details come from the operating system Moodle is running on, via PAM (can only be used Linux/Unix).
POP3 server - account details are located on an external POP3 server
RADIUS server - account details are located on an external RADIUS server
Shibboleth - account details are located on an external Shibboleth server
NTLM/Integrated Authentication (contributed plugin prior to Moodle 1.9; is part of the LDAP authentication plugin from 1.9 onwards).

The authentication method is set in Administration > Users > Authentication > Manage authentication (or Administration > Users > Authentication prior to Moodle 1.9)

@@ Line 2: / Line 2: @@
-==Managing user authentication==
+User authentication is about enabling people to login to your Moodle site.
-One of the first things you need to consider when setting up your Moodle site is user authentication i.e. enabling people to login to your Moodle site.
+==Authentication methods==
 Authentication methods (also known as authentication plugins) include:
-*[[Manual accounts]]
+*[[Manual accounts]] - accounts created manually by an administrator
-*[[No login]]
+*[[No login]] - suspend particular user account
-*[[Email-based self-registration]]
+*[[Email-based self-registration]] - for enabling users to create their own accounts
-*[[CAS server (SSO)]]
+*[[CAS server (SSO)]] - account details are located on an external CAS server
-*[[External database authentication|External database]]
+*[[External database authentication|External database]] - account details are located on an external database
-*[[FirstClass authentication|FirstClass server]]
+*[[FirstClass authentication|FirstClass server]] - account details are located on an external FirstClass server
-*[[IMAP authentication|IMAP server]]
+*[[IMAP authentication|IMAP server]] - account details are located on an external IMAP server
-*[[LDAP authentication|LDAP server]]
+*[[LDAP authentication|LDAP server]] - account details are located on an external LDAP server
-*[[Moodle Network|Moodle Network authentication]]
+*[[Moodle Network|Moodle Network authentication]] - how different Moodle sites can connect and authenticate users
-*[[NNTP authentication|NNTP server]]
+*[[NNTP authentication|NNTP server]] - account details are located on an external NTTP server
-*[[No authentication]]
+*[[No authentication]] - for testing purposes only
-*[[PAM (Pluggable Authentication Modules)]]
+*[[PAM (Pluggable Authentication Modules)]] - account details come from the operating system Moodle is running on, via PAM (can only be used Linux/Unix).
-*[[POP3 server]]
+*[[POP3 server]] - account details are located on an external POP3 server
-*[[RADIUS authentication|RADIUS server]]
+*[[RADIUS authentication|RADIUS server]] - account details are located on an external RADIUS server
-*[[Shibboleth]]
+*[[Shibboleth]] - account details are located on an external Shibboleth server
-*[[NTLM authentication|NTLM/Integrated Authentication (3rd party plugin)]]
+*[[NTLM authentication|NTLM/Integrated Authentication]] (contributed plugin prior to Moodle 1.9; is part of the LDAP authentication plugin from 1.9 onwards).
-==Multi-authentication==
+The authentication method is set in ''Administration > Users > Authentication > [[Manage authentication]]'' (or ''Administration > Users > Authentication''  prior to Moodle 1.9)
-{{Moodle 1.8}}From Moodle 1.8 onwards, multi-authentication is supported. Simply click on the closed eye icon to enable a particular plugin.
-Each authentication plugin may be used to find a username/password match. Once found, a user is logged in and alternative plugins are not used. Therefore the plugin which handles the most logins should be moved to the top of the page in order that less load is put on authentication servers.
+==See also==
-==Common settings==
-Most of these settings are self-explanatory.
-===Self registration===
-If you wish users to be able to create their own user accounts i.e. self-register then select Email-based self-registration from the drop-down menu.
-===Alternate login URL===
-This should be used with care, since a mistake in the URL or on the actual login page can lock you out of your site. If you do mess it up, you can remove the entry from your database (table mdl_config) using e.g. phpmyadmin for mysql.
-==Locking profile fields==
+*[[Manage authentication]]
-To prevent users from altering some fields (e.g. students changing profile information to inappropriate or misleading information), the site administrator can lock profile fields.
+*[[Authentication FAQ]]
-[[Image:Authent-data-map-fname.jpg|Data Mapping Options]]
-*These fields are optional. You can choose to pre-fill some Moodle user fields with information from the LDAP fields that you specify here.  If you leave these fields blank, then nothing will be transferred from LDAP and Moodle defaults will be used instead.  In either case, the user will be able to edit all of these fields after they log in.
-*'''Update local''': If enabled, the field will be updated (from external auth) every time the user logs in or there is a user synchronization. Fields set to update locally should be locked.
-*'''Lock value''': If enabled, will prevent Moodle users and admins from editing the field directly. Use this option if you are maintaining this data in the external auth system.
-*'''Update external''': If enabled, the external auth will be updated when the user record is updated. Fields should be unlocked to allow edits.   Note: Updating external LDAP data requires that you set '''binddn''' and '''bindpw''' to a bind-user with editing privileges to all the user records. It currently does not preserve multi-valued attributes, and will remove extra values on update.
-If you are using a mixture of authentication types (such as IMAP and manual), then the fields you lock in the authentication options will only apply to the type of authentication indicated by the drop down box at the top of the screen.  Remember to test the field locking by logging in with the proper type of account!  If you test with a manual account but have set the field locking to apply to IMAP accounts, you will not be able to tell if it worked!
-==See also==
 *Multi authentication in [[Upgrading to Moodle 1.8]]
-*[http://moodle.org/mod/forum/view.php?id=42 Using Moodle: User authentication] forum
+*Using Moodle [http://moodle.org/mod/forum/view.php?id=42 User authentication forum]
+*Using Moodle [http://moodle.org/mod/forum/discuss.php?d=95559 Do users need e-mail addresses?] forum discussion
+*Using Moodle [http://moodle.org/mod/forum/discuss.php?d=97938 Admin approving self registrations?] forum discussion
 [[Category:Authentication]]
 [[fr:Authentification]]

Documentation

Authentication: Difference between revisions

Latest revision as of 17:21, 12 November 2008

Authentication methods

See also