Q&A Session for  Zend Framework: AuthenticationSession number:  576154137Date:  February 20, 2008Starting time:  08:47 amKent Swisher - 9:50 amQ: How is this used if not using MVC?A: There is an example of using Zend_Auth_Adapter_OpenId from without the ZF MVC implementation:http://framework.zend.com/manual/en/zend.auth.adapter.openid.htmlThere are also more examples using the Zend_OpenId components here:http://framework.zend.com/manual/en/zend.openid.html_________________________________________________________________Glenn Bennett - 9:50 amQ: How would you create your own OpenID service to provide OpenIDsA: Use Zend_OpenId_Provider:http://framework.zend.com/manual/en/zend.openid.provider.html_________________________________________________________________Steve Dowe - 9:51 amQ: How do you handle when the user cannot authenticate? e.g. when they cannot remember their password?A: Typically, redirect back to the login page, printing some reason why the authentication attempt failed. The sample code for this webinar does this._________________________________________________________________Glenn Bennett - 9:51 amQ: thanks_________________________________________________________________Todd Hight - 9:55 amQ: Does the LDAP adapter work with Micro$oft AD?A: Yes, it's been tested with both Microsoft Active Directory and OpenLDAP._________________________________________________________________Steve Dowe - 9:53 amQ: yes,thanks :)_________________________________________________________________Craig Sprout - 9:54 amQ: Can you use more than one type of authentication per app? If OpenID fails, fall back to LDAP, etc.?A: Yes, that is possible._________________________________________________________________David Lukas - 9:57 amQ: Since the storage for identity is provided by the session mechanism, is there any way to prevent session hijacking in ZF/Zend_Auth?A: Zend_Session, which is the ZF component for session data management, is used by Zend_Auth and has some options for increasing the security of your sessions. Since it uses PHP's session extension, your PHP configuration also plays an important role in your session security (e.g., session.use_only_cookies)._________________________________________________________________Joseph Vadakkan - 9:55 amQ: is this part of the standard zend framework or is it a seperate packageA: All of the Zend_* components of this webinar are included in the Zend Framework, which is available for download here:http://framework.zend.com/downloadIf you're adventurous and want the bleeding edge ZF developments, you can also try the snapshot packages:http://framework.zend.com/download/snapshot/or directly from our Subversion repository:http://framework.zend.com/svn/framework_________________________________________________________________Steve Dowe - 9:57 amQ: does Zend_Auth support SSL transactions?A: Yes._________________________________________________________________Steve Dowe - 9:57 amQ: between your server and the openID provider, that isA: Yes._________________________________________________________________Steve Dowe - 9:59 amQ: :)_________________________________________________________________Steve Read - 9:59 amQ: Does this just work with open LDAP  and AD for LDAP AuthenactionA: The LDAP adapter for Zend_Auth has been tested with Microsoft Active Directory and OpenLDAP, though it would likely work with other LDAP servers, as well._________________________________________________________________Steve Read - 10:00 amQ: I will tes tan dlet you know THnaks