Rogo currently supports two authentication mechanisms: 1) its own internal list of users, and 2) connection to an LDAP authentication service. The two mechanisms can be mixed. So, for example, it is possible for a university to connect to its own LDAP server to authenicate most users but then to add additional custom accounts say for NHS users.
Both authentication mechanisms require a record per user in the 'users' table.
Staff users have to be created individually by going into 'Search/People' and then selecting 'Create new user'. Students can be bulk enroled using the 'Import Students' option from the 'Search/People' page.
With LDAP authentication Rogo still needs user accounts to be created first, as with 'internal' authentication. When a user (staff or student) logs in and tries their LDAP password Rogo will look this up in the 'users' table and if it doesn't match will go to the pre-configured LDAP server and request authentication success/failure. If the password matches that stored on the LDAP server then Rogo will one way encrypt the password and store locally.
Usernames/passwords are stored locally in the Rogo system for two reasons: 1) minimises load on LDAP server at the start or large summative exams, and 2) if the LDAP server fails mid exam it does not compromise the assessment.
Versions of Rogo prior to 4.2.4 encrypt using MD5. Version 4.2.4 onwards uses the more secure SHA-512 encryption. The php crypt function is used to encrypt the password, this is a one-way encryption and as such there is no de-crypt function.
For more info on plugins and configuration options please goto Authentication Plugins