need to separate authentication from access

need to separate authentication from access

by Paolo Pedaletti -
Number of replies: 4
Hi,
in local (university) moodle installation, there is the necessity to separate the authentication process from the possibility to access the e-learning platform.
We (web application manager) use pop account (not managed by us) to authenticate users, and we need to prevent the access to all valid email account.
For example, if we would use gmail as pop server, we don't want to permit the access to all valid gmail users smile

Now it works in this way:
setup authentication via pop
we add valid user list via csv file
users use their email/password to login:
  • if user is added previously by us, she/he login (GOOD)
  • if user is unknown by us, she/he is auto-added to the platform (BAD)
So in today moodle (1.9.0) we feel the lack of a last check (optional?) against a local user list.
Is it already possible to do so or it's necessary a patch to the code?

thank you.

Average of ratings: -
In reply to Paolo Pedaletti

Re: need to separate authentication from access

by Robert Brenstein -
The hack to accomplish this is provided in MDL-12604
Average of ratings: -
In reply to Robert Brenstein

Re: need to separate authentication from access

by SS M -

It will be a great thing if next versions of Moodle will allow to choose if  Moodle should create users or not automatically.

Doing authentication on a system doesn't mean necessarily that creation has to be demanded; in some places, like where I work, we delegate all authentication on the pop3/imap corporate email system, but we want just some users to access Moodle.

Average of ratings: -
In reply to Robert Brenstein

Re: need to separate authentication from access

by Bryant Saxon -

I was able to prevent self registration in a scenario by setting all User Profiles field under the auth method to Locked. This prevents a user from providing an email account, thus preventing the creation of the account.

I do think it is confusing for the user and I would l like to prevent users from seeing this page entirely.

Has anyone developed anything for 2.0? I am using IMAP for my auth method.

The problem for us comes that some users want to login with their full email address - username@ourdomain.com - instead of using just the username portition which used to create the accounts.

Average of ratings: -
In reply to Bryant Saxon

Re: need to separate authentication from access

by Mary Cooch -
Picture of Documentation writers Picture of Moodle HQ Picture of Particularly helpful Moodlers Picture of Testers Picture of Translators

Hi there - please see the response in the other thread where you posted.

Average of ratings: -