Skip to content
  • Leigh B. Stoller's avatar
    Implement a cross machine login so that user is automatically logged · 9310dedb
    Leigh B. Stoller authored
    into the Wiki when clicking on the My Wiki's link. Works like this:
    
    * The My Wiki's link points to new page, gotowiki.php3, on boss.
    
    * The gotowiki page looks for a new cookie in the user's browser
      which holds a key (the usual random data run through md5).
    
    * If the key does not exist, generate it and store it in the user
      browser (expires when browser is closed or emulab login times out).
      Also invoke backend script wikixlogin, which will send the key over
      to the wiki server (via ssh), which will write the key into a file
      named by the user account.
    
    * The user's browser is redirected to the wiki server's login script
      (twiki/bin/newlogon), but instead of username and password, we send
      over username and key (as well as redurl= parameter which is the
      page on the wiki server to redirect to later).
    
    * The new login script looks for this case, and opens the file named
      by the user and compares the key it gets with what is in the file.
      If they match, the user login succeeds and the browser is once again
      redirected, but this time to the page it wants on the wiki server.
      If the key does not match, the browser is redirected to the login
      page (so user can enter username password normally). The redurl
      parameter is passed along as well.
    
    * Subsequent clicks on My Wiki's will not need to invoke the backend
      script, since the cookie will be in the browser.
    9310dedb