Support for Internal Authentication

Open marshall-ucsd opened this issue 3 years ago • 1 comments

Other than "unsecured" mode, there is no provision for authentication that does not involve AD/Shibboleth. Most web applications default to internal authentication (managing their own userids & passwords), with LDAP as an option. For POC and development work, this method of authentication would be preferable over unsecured. There is already the LeafDB, so user information can easily be stored there.

marshall-ucsd, Apr 21 '21 15:04

Hi @marshall-ucsd, we're not committed to adding this feature, as inevitably I suspect some sites would begin authenticating users this way, then gradually move to production and never really switch to using more robust, battle-tested authentication systems and elect to simply have Leaf manage users, passwords, etc. That would in turn open up new cans of worms by requiring that Leaf ensure password complexity, allow users to reset passwords via email, and so on - in other words create far more complexity and slow down development - while all the while dedicated solutions to this already exist (e.g., Shibboleth).

So while I understand the use case and am empathetic, unless we hear a stronger chorus from other sites asking for this we're unlikely to add this feature.

ndobb, Apr 22 '21 16:04