New Drupal two-factor module released - CMS authentication issues

WiKID is pleased to announce the release of a two-factor authentication module for Drupal.

I'm personally really happy about the feedback we've already gotten and the questions posed. It clearly shows the issues software projects face regarding implementation of two-factor authentication. In reality, it is implementation of authentication. Clearly, the days of storing username and password in the CMS database are (hopefully) over. So what should they look like now? In my opinion, they should handle the session, be pluggable and provide lots of logging.

By 'handle session' I mean that if the authentication is successful, everything else should work. It should not matter what form of authentication is performed, and you should not need to create a new account or, if you have to, it should be as simple as possible.

By pluggable, I mean that it should handle really any type of authentication via a simple process. Linux PAM is a good example as is Plone. Plone provides a super simple example that you can copy (as I did).

Sadly, logging is where many fall down. Plone's authentication system totally eats any feedback. This makes it very hard to determine where the issue is. Organizations with two-factor authentication typically have three or more nodes: the client (the CMS or VPN), a RADIUS server (ACS, NPS, FreeRADIUS), a directory (LDAP, NPS) and a two-factor authentication server (WiKID, of course). If one of these nodes isn't logging properly, it just makes it that much more difficult to troubleshoot.
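The three criteria above (one session path, pluggable checks, a log line per node), shown as an added example that is not code from the WiKID module, Drupal or Plone. The plugin names, the passcode table and the log format are constructed for illustration.

```python
import logging
import secrets
from typing import Callable, List, Optional, Tuple

log = logging.getLogger("cms.auth")

# A plugin is a (name, check) pair; check(user, credential) returns
# (ok, reason). The reason is diagnostic text for the log only.
Check = Callable[[str, str], Tuple[bool, str]]
Trail = List[Tuple[str, str, str]]

def radius_plugin(user: str, credential: str) -> Tuple[bool, str]:
    # Constructed stand-in for an upstream node that is unreachable.
    raise TimeoutError("no reply from RADIUS server within 3s")

def otp_plugin(user: str, credential: str) -> Tuple[bool, str]:
    # Constructed stand-in for a two-factor server lookup.
    issued = {"alice": "492817"}
    if user not in issued:
        return False, "user not registered for OTP"
    if not secrets.compare_digest(issued[user], credential):
        return False, "passcode rejected"
    return True, "passcode accepted"

def authenticate(plugins: List[Tuple[str, Check]], user: str,
                 credential: str) -> Tuple[Optional[dict], Trail]:
    """Try each plugin in order; return (session or None, audit trail)."""
    trail: Trail = []
    for name, check in plugins:
        try:
            ok, reason = check(user, credential)
        except Exception as exc:
            # A failing node is recorded, not swallowed.
            ok, reason = False, f"error: {type(exc).__name__}: {exc}"
        outcome = "accept" if ok else "reject"
        # Log who, which plugin and why; never the credential itself.
        log.info("auth user=%r plugin=%s outcome=%s reason=%s",
                 user, name, outcome, reason)
        trail.append((name, outcome, reason))
        if ok:
            # Session creation is the same whichever plugin succeeded.
            session = {"user": user, "sid": secrets.token_hex(16), "via": name}
            return session, trail
    return None, trail

PLUGINS = [("radius", radius_plugin), ("otp", otp_plugin)]
```

Plugin order matters here: a fallback that is weaker than the plugin that failed would be a downgrade, so the list should only fall through to checks of equal or greater strength.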

So, the inevitable question for us: Why didn't you use or develop a pluggable auth module for Drupal? Because our API does so much more than just authenticate. Indeed, most of the API was developed for user management in a multi-tier, multi-tenant environment. You can register tokens, add tokens to existing users, re-enable users, list users by domains, delete tokens, delete users, etc., all on a per-network-client basis.

If you use Drupal for any Enterprise-oriented software projects that require some extra security please give our module a whirl.
