This is the scenario: multiple web systems (mostly lampp/wampp) exist, most of them with separate login information (some share it). We’re considering the benefits/disadvantages of unifying them somehow, or at least making handling the user administration parts easier.
Due to the nature of some systems (it’s a mixed bag of custom OSS systems, internally developed software and 3rd party commercial software) we can’t unify all login screens into a single screen.
An idea passed around is a sort of login master brain where we can control all user name creation, permissions, inactivation, etc. This will still make people have to manually log in to every system, but at least it’ll make the administrative load of user management easier.
Are there any known solutions to this kind of problem that involve (necessarily, it could be considered) changing the least amount of code/systems possible?
Edit: OpenID doesn’t work for us since we have different login needs, and for some systems we can’t directly control how they handle the login process (but we can control the users/passwords).
What we did was to centralise all login details in one repository (Active Directory for us), then wrote a C# library to authenticate, with wrappers for all the languages we programmed in (PHP, C, .NET, etc.), and then just wrote some glue code in the appropriate place for each application. Aside from our in-house apps, we successfully logged into MediaWiki, Subversion, ActiveCollab and Apache this way.
It does involve writing a reasonable amount of code, but not ridiculous amounts, and it will work for the future as well. I can’t see a practical solution which would be easier than this.
Reading your question I note that this is more-or-less what you’re thinking anyway, but it will work!
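A sketch of what the per-application glue code described in the answer above can look like for a PHP app, added here as an illustration and not taken from the answer or its author's library. The function name `ad_authenticate`, the host, the domain and the base DN are placeholders, and it assumes each user's UPN is `sAMAccountName@domain` and that PHP's ldap extension is loaded.

```php
<?php
// Added example. All three constants are placeholders for your own directory.
const AD_URI     = 'ldaps://dc.example.internal'; // TLS, so passwords never cross the wire in clear
const AD_DOMAIN  = 'example.internal';
const AD_BASE_DN = 'DC=example,DC=internal';

/**
 * Check a login against the central directory.
 * Returns the list of group DNs the user belongs to, or null on any failure.
 */
function ad_authenticate(string $username, string $password): ?array
{
    // A simple bind with an empty password is treated as an unauthenticated
    // bind and can "succeed" without proving identity, so reject it up front.
    if ($username === '' || $password === '') {
        return null;
    }
    // Allow only plain account names; anything else never reaches the directory.
    if (!preg_match('/^[A-Za-z0-9._-]{1,64}$/', $username)) {
        return null;
    }

    $ldap = ldap_connect(AD_URI);
    if ($ldap === false) {
        return null;
    }
    ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);
    ldap_set_option($ldap, LDAP_OPT_NETWORK_TIMEOUT, 5);

    // Bind as the user. Disabled (inactivated) accounts fail here, so turning
    // a user off centrally locks them out of every application using this check.
    if (!@ldap_bind($ldap, $username . '@' . AD_DOMAIN, $password)) {
        ldap_unbind($ldap);
        return null;
    }

    // Read the user's own entry for group membership; escape the filter value anyway.
    $filter  = '(sAMAccountName=' . ldap_escape($username, '', LDAP_ESCAPE_FILTER) . ')';
    $result  = ldap_search($ldap, AD_BASE_DN, $filter, ['memberOf']);
    $entries = $result ? ldap_get_entries($ldap, $result) : ['count' => 0];
    ldap_unbind($ldap);
    if ($entries['count'] !== 1) {
        return null;
    }
    $groups = $entries[0]['memberof'] ?? []; // ldap_get_entries lowercases attribute names
    unset($groups['count']);
    return array_values($groups);
}
```

Each application then maps the returned group DNs to its own roles, so permissions as well as creation and inactivation are managed in the directory.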