How to authenticate remotely?
Posted by Bernard on Oct. 9 2004, (popular)
If you have registered at a YACS or Drupal web site, you can reuse your credentials at other servers instead of creating user profiles everywhere.
How to login for the first time?
Click on the login link, as usual. On the login page, instead of registering a new user profile, type an already existing nick name, followed by the 'at' character and the name of the server hosting this user profile. Also provide the related password.
In this example the server liaises with www.yetanothercommunitysystem.com and submits the provided nick name and password. As the credentials are OK, the server automatically creates a shadow user profile and welcomes you.
Please note that the shadow user profile is still linked to the origin server for any subsequent password authentication.
How to authenticate on next login?
Since the server already has a shadow user profile for you, you only have to provide your nick name and password.
How does it work?
Every shadow user profile has a link to an origin server. A drupal.login XML-RPC authentication request is submitted to this server on each login. You can find more information at users/login.php.
Is it secure?
Well, this authentication is about as secure as the regular one, since in both cases the password is transmitted as clear text across the network. Also note that the original YACS scripts do not remember the password submitted to the origin server. However, it is quite easy to modify a PHP script to steal passwords... Therefore, use the remote authentication only with sites at which you would have registered with these credentials anyway.
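As an added illustration (not YACS or Drupal code), the Python sketch below splits a nick@server login, serializes the drupal.login call, and reports what is readable in transit. The (name, password) argument order, the /xmlrpc.php path and all sample values are assumptions.

```python
import xmlrpc.client
from urllib.parse import urlsplit


def split_login(identifier):
    """Split 'nick@server' into (nick, origin); origin is None for a local login."""
    identifier = identifier.strip()
    nick, sep, origin = identifier.rpartition("@")
    if not sep:
        return identifier, None
    if not nick or not origin or "/" in origin:
        raise ValueError("expected nick@server")
    return nick, origin.lower()


def build_login_call(nick, password):
    """Serialize the request body. Assumption: arguments are (name, password)."""
    return xmlrpc.client.dumps((nick, password), methodname="drupal.login")


def recover_credentials(body):
    """Decode a request body the way any party that can read it would."""
    params, method = xmlrpc.client.loads(body)
    return method, params


def transport_findings(endpoint_url, body, password):
    """List what protects, or fails to protect, the password in transit."""
    findings = []
    if password in recover_credentials(body)[1]:
        findings.append("password is recoverable from the request body")
    if urlsplit(endpoint_url).scheme != "https":
        findings.append("endpoint is not HTTPS: body is clear text on the network")
    return findings


if __name__ == "__main__":
    # Constructed sample values; the /xmlrpc.php path is an assumption.
    nick, origin = split_login("alice@www.example.org")
    body = build_login_call(nick, "correct-horse")
    print(body)
    for scheme in ("http", "https"):
        url = f"{scheme}://{origin}/xmlrpc.php"
        print(url, transport_findings(url, body, "correct-horse"))
```

HTTPS removes only the network finding: the server that receives the login form and the origin server both still handle the password itself, which is why the advice above about trusting the site still applies.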
- Eoin on Oct. 11 2004 - #
- Excellent work again!
Two things briefly: 1. What happens if test@server1.com and test@server2.com both login to server3.com (yacs servers)? If they use the same username, their shadow login names will be the same too, no (test)?
2. Indymedia websites around the world are being attacked by the FBI and CIA. Many of these sites were all hosted with the same provider, indeed on the same hosting account. After this experience I guess the indymedia community should look at YACS as an example system for distributing content across many servers (http and ftp), thus making it harder for the FBI to censor them.
- Bernard on Oct. 12 2004 - #
" What happens if test@server1.com and test@server2.com both login to server3.com (yacs servers)? If they use the same username, their shadow login names will be the same too, no (test)? "
Well, normally not. Test@server1.com will benefit from a short nick name, but test@server2.com will always have to use the lengthy version, including the server name.
However, I have not tested this yet, and, you know, something that has not been tested has a very high probability to not work as expected...
Thank you for your valuable comments, as usual...