Andrew Milton wrote:
1st, you need PAM support on every platform.
True, but it's not like this is the only non-Zope dependency. For example, to use LDAPUserFolder I need python-ldap.
2nd, you need python/zope bindings for PAM that don't impose licensing restrictions on you. The current PyPAM bindings are GPL (not even LGPL), so that pretty much restricts the pool of people willing to bind to them. (Motivation for me to write my own bindings is pretty low).
I'm not sure I understand the implications here. Most of this code is already open source anyway, right? Wouldn't the GPL terms only apply to code that its code gets used in, and not some other program that calls it?
3rd, you underestimate just what people want out of their web app. They don't want to setup PAM and deal with new mysterious TLA crap, when their database or NT server is already working just fine.
Oh of course, I completely agree, but like I said, other authentication modules are of course still available if you need something PAM doesn't handle or need a home grown solution of some sort. I of course understand the need for that.
4th, people use these things to manage users not just auth them, and PAM unfortunately doesn't do that.
Now this makes the most sense. Unfortunately, it also doesn't apply to my situation, as I'm part of a larger organization, and want to use the preexisting centralized LDAP (which I of course only have read access to) to manage authentication so my users don't need a new set of usernames/passwords, but I'll be *managing* the users locally (Not sure yet exactly how that's going to work, still working through documentation and whatnot (but I certainly wouldn't mind any pointers)).
In other words, if people wanted it badly enough, it'd be done.
I can't really dispute that, it's certainly been thoroughly demonstrated by all the other products people have come out with to suit their needs.
Let me know when you're finished d8)
Ha, I wish. Unfortunately, I'm still quite new to Zope/Plone, and haven't touched python yet at all (Blasphemous, I know!). But perhaps someday (so I'm optimist) ... Thanks for the informative response! Tom