removing username/password authorization for REST by default - developers can add their own custom PAM using the plugin hook if they require this

git-svn-id: http://code.elgg.org/elgg/trunk@3627 36083f99-b078-4883-b0ff-0f9b5a30f544
author: cash <cash@36083f99-b078-4883-b0ff-0f9b5a30f544> 2009-11-06 12:34:00 +0000
committer: cash <cash@36083f99-b078-4883-b0ff-0f9b5a30f544> 2009-11-06 12:34:00 +0000
commit: e38e82687bdb67eccadd46b2615df2baa4e0b7ce (patch)
tree: 6e90ff9592d3c9e2146b06ebc9746d652b00f1db /services/api
parent: 4044e085cd5b5698b05f1a070cd95b453c19aa69 (diff)
download: elgg-e38e82687bdb67eccadd46b2615df2baa4e0b7ce.tar.gz
elgg-e38e82687bdb67eccadd46b2615df2baa4e0b7ce.tar.bz2
1 files changed, 3 insertions, 0 deletions
diff --git a/services/api/rest.php b/services/api/rest.php
index a569e7e26..46931f8b5 100644
--- a/services/api/rest.php
+++ b/services/api/rest.php
@@ -29,6 +29,9 @@ if ((isset($CONFIG->disable_api)) && ($CONFIG->disable_api == true)) {
 
 // plugins should return true to control what API and user authentication handlers are registered
 if (trigger_plugin_hook('rest', 'init', null, false) == false) {
+	// remove normal password pam (does not work by default with REST anyway)
+	unregister_pam_handler('pam_auth_userpass');
+	
 	// check session - this usually means a REST call from a web browser
 	register_pam_handler('pam_auth_session');
 	// user token can also be used for user authentication
author	cash <cash@36083f99-b078-4883-b0ff-0f9b5a30f544>	2009-11-06 12:34:00 +0000
committer	cash <cash@36083f99-b078-4883-b0ff-0f9b5a30f544>	2009-11-06 12:34:00 +0000
commit	e38e82687bdb67eccadd46b2615df2baa4e0b7ce (patch)
tree	6e90ff9592d3c9e2146b06ebc9746d652b00f1db /services/api
parent	4044e085cd5b5698b05f1a070cd95b453c19aa69 (diff)
download	elgg-e38e82687bdb67eccadd46b2615df2baa4e0b7ce.tar.gz elgg-e38e82687bdb67eccadd46b2615df2baa4e0b7ce.tar.bz2