Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
Moodle Security

You're reading from   Moodle Security Learn how to install and configure Moodle in the most secure way possible

Arrow left icon
Product type Paperback
Published in Feb 2011
Publisher
ISBN-13 9781849512640
Length 204 pages
Edition Edition
Languages
Tools
Arrow right icon
Toc

Table of Contents (17) Chapters Close

Appendix A. Authentication Plugins

In this appendix we will present the remaining list of the other authentication modules that are shipped with Moodle and which were not discussed in Chapter 4.

Plugins less common in production servers

These plugins are all disabled by default in a new installation of Moodle and are not so common in everyday usage. We are presenting most of them for informational purposes.

LDAP server

LDAP (Lightweight Directory Access Protocol) is an application protocol for retrieving and modifying data from the directory service. LDAP server is often used as a source of user information. For this plugin to work, you will need LDAP and OpenSSL plugin for PHP. To make the connection as secure as possible, use LDAPs protocol. That way no interception will be possible. Also try to have a failover server because when the central server is down no user will be able to enter into the platform. In order to be able to use secure LDAP we need to make sure that OpenSSL and LDAP PHP extensions are installed and properly configured. We have already explained particular configuration bits of OpenSSL for both Linux and Windows, so let us focus on LDAP extension.

Configuring LDAP PHP extension

In general most of the configuration of the LDAP extension is located in a separate configuration file called ldap.conf. By default on Linux PHP looks for this file in /etc/openldap/ while on Windows in versions of PHP before 5.3 default folder is C:\openldap\sysconf. In PHP 5.3 up to version 5.3.2 the default folder was a root of disk partition on which web server's main web documents folder is located (does that sound complicated or what?). As you can see PHP looks in various places for this file depending on various factors. What we want is to have a predictable way of placing and configuring location of ldap.conf. This is done by specifying environment variable LDAPCONF with the valid location of our ldap.conf. On Linux we should open Apache configuration file httpd.conf and add this line to it:

SetEnv LDAPCONF "<path to ldap.conf>"

On Windows we should set it up in the same place we defined PHPRC and OPENSSL_CONF (see Chapter 3 dedicated to configuration of Windows server).

After this configuration is applied we should restart the web server.

CAS server

CAS (Central Authentication Service) is a Single-Sign-On (SSO) system that enables the account linking of two or more different systems. By default this system requires HTTPS connection, so no particular additional configuration is needed within Moodle in terms of security other than what is already being mentioned in the first section of Chapter 4.

FirstClass server

FirstClass is proprietary groupware software mostly used by educational institutions to offer enhanced electronic communication and collaboration to their students.

IMAP server

IMAP (Internet Message Access Protocol) is one of the two most prevalent protocols for email retrieval. IMAP server can also be used as a source of user credentials. Often these servers use LDAP as their user back-end. In order to make access to this resource in a secure manner it is recommended to use encrypted protocol (IMAP Cert or IMAP SSL).

Moodle network authentication

MNET authentication is a plugin intended for a SSO with another Moodle instance. This instance is considered as a central user repository. This connection uses xml-rpc protocol over HTTPS and it is quite secure by default.

NNTP server

This plugin enables usage of NNTP (Network News Transport Protocol) for retrieving user information.

No authentication

This plugin disables authentication checking and in general should not be used in production sites.

PAM (Pluggable Authentication Modules)

This plugin supposedly gives support for PAM provider. However, it uses a PHP4 library which is no longer publicly available. Therefore usage of this module is not recommended for production sites.

POP3 server

This is another popular protocol for e-mail retrieval. In order to use this integration we recommend use of SSL connection with certificates.

Shibboleth

Shibboleth is another SSO solution (similar to CAS). In general it is safe enough for general usage.

Radius

Radius is a networking protocol that provides support for centralized Authentication, Authorization, and Accounting management for connecting and using network resources. Radius protocol does not transmit passwords in clear text and it implies usage of shared secret for connection validation.

lock icon The rest of the chapter is locked
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at $19.99/month. Cancel anytime
Banner background image