smallAreaHealthStatisticsUnit / rapidInquiryFacility

The Rapid Inquiry Facility (RIF) helps epidemiologists and public health researchers in environmental health activities.
GNU Lesser General Public License v3.0

Generalise user management #102

Closed devilgate closed 5 years ago

devilgate commented 5 years ago

At present a RIF user is a database user: to log on to the RIF you have to be set up as a user on Postgres or SQL Server. That's fine as far as it goes, but I can foresee environments where the admins manage users through LDAP or another protocol, and don't like the idea of setting up DB users for everyone who has to use a particular tool.

To support cases like that we should make user management a pluggable module, with the database-backed mechanism shipped as the default, but with scope to easily add others.

The application depends on a database, so we will always need a database user. So if the login user is not a DB user, we'll need to support a way to specify the DB user. A value in the properties file will be enough for this (though it might not be enough for the password).

devilgate commented 5 years ago

Generalise user management

peterhambly commented 5 years ago

This usually does not require a change to the front end or the middleware. Normally it is set up in the database, e.g. LDAP Authentication. SQL Server only supports username/password and Windows (Kerberos). Kerberos in a browser requires GSSAPI, as the authentication token has to move across the network. The private network used to use this - it is hard to set up, requires configuration of the browser and a Kerberos type connection in the Java, which the Microsoft JDBC driver apparently supports: Using Kerberos Integrated Authentication to Connect to SQL Server

devilgate commented 5 years ago

Closing this for now. We are too tightly integrated with our databases to move away from DB users. Especially since the DB user is how we will be handling permissions in-house.