Yacs handbook Membership

How to authenticate remotely?

If you have registered to some YACS or Drupal web site, you can reuse credentials at other servers instead of creating user profiles everywhere.

[title]How to login for the first time?[/title] Click on the login link, as usual. On the login page, instead of register a new user profile, type an already existing nick name, followed by the 'at' character, and by the name of the server hosting this user profile. Also indicate the related password.



In this example the server liaise with www.yacs.fr, and submit the provided nick name and password.

As credentials are OK, the server automatically creates a shadow user profile, and welcomes you.



Please note that the shadow user profile is still linked to the origin server for any subsequent password authentication.



[title]How to authenticate on next login?[/title] Since the server already has a shadow user profile for you, you only have to provide your nick name and password.



[title]How does it work?[/title] Every shadow user profile has a link to an origin server. An authentication drupal.login XML-RPC request is submitted to this server on each login. You can find more information at users/login.php.

[title]Is it secure?[/title] Well, this authentication is about as secure as the regular one, since in both cases the password is transmitted as clear text across the network.

Also note that the original YACS scripts do not remember the password submitted to the origin server. However, it is quite easy to modify a PHP script to steal passwords... Therefore, use the remote authentication only with site at which you would have registered with these credentials anyway.