Did A Google Earth Mistake Cause A Couple's Brutal Murder?
Tumblr 101: Tips And Tricks To Get Started
phpMyID: roll your own OpenID provider
With more and more web sites and services offering OpenID for authentication, you may want to use your own domain name as an OpenID provider instead of selecting from the wide array of other providers (like Blogger, AOL, Wordpress.com). phpMyID is a pair of PHP files that allow you to easily use your domain name for authentication to OpenID-supporting sites like Sourceforge, Skitch, and Technorati.
To use phpMyID (substitute "yourwebsite" with your domain name or website address):
- Download the archive from the phpMyID website
- Upload the files to your web server (I chose to put them in an "openid" subfolder)
- Visit http://yourwebsite/MyID.config.php
- Make a note of your PHP realm
- Pick a username and password for phpMyID (remember, with OpenID you authenticate to your provider, and then OpenID sites trust your provider to permit/reject authentication)
- Create an MD5 hash of your username, password, and PHP realm. Mac and Linux users can just use OpenSSL (
echo -n 'username:realm:password' | openssl md5). Windows users will need an MD5 utility - Edit your MyID.config.php by entering your chosen username for "auth_username" and the MD5 result from step 6 for the value of "auth_password"
- Reupload the MyID.config.php file to your web server
- Visit http://yourwebsite/MyID.config.php and login with your phpMyID username and password to make sure everything is working correctly
- Place the following HTML tags in the index document for your web site
<link rel="openid.server" href="http://yourwebsite/MyID.config.php"> <link rel="openid.delegate" href="http://yourwebsite/MyID.config.php">You will now be able to use your domain name or website as your OpenID URL when logging in to OpenID sites. phpMyID is open source, requires PHP, and, yes, it does support the OpenID Simple Registration Extension (SREG) for providing default information to OpenID websites.
Comments
6
Subscribe to commentsAbscissaFeb 21st 2009 3:51PM
As if OpenID needed more support...
http://marcoslot.net/apps/openid/
(Not that PHP itself is known for security either.)
larsFeb 22nd 2009 5:52PM
@Abscissa: It's been a long time since there were any serious security issues with PHP. It's the PHP-programmers that make insecure code ;)
AbscissaMar 2nd 2009 7:29PM
The problem is, PHP makes it far too easy to write insecure code. That's not something that's ever going to get fixed in PHP.
larsMar 2nd 2009 7:39PM
Well, you can write insecure code in whatever language you want. Again, it's up to the programmer ;) PHP has the tools that makes it easy to write secure code too.
It's like saying that C makes it far too easy to write code that leaks memory.
And how is it not going to get fixed? Use patterns, frameworks etc. Use a hardened PHP. It's pretty easy to make secure code.
StephenFeb 23rd 2009 6:41AM
(Warning: blatant plug!)
If you want something that allows you to manage multiple IDs on a single server, or just a basic GUI wrapper for hosting your own OpenID, then some people might prefer Clamshell:
http://wiki.guruj.net/Clamshell!Home
Greg RolanFeb 25th 2009 5:15PM
(Another blatant plug!)
Or else use Glynx - an OpenID solution that works p2p from your PC without passwords - so no server stores your userid/passwords anywhere.