synchronize ZOPE passwords - Unix passwords
Hi! Is there a possibility to make ZOPE use the passwords of standard Linux system users? So if a user of the Linux machine has changed his password it should also automatically change his password in ZOPE system (not nessesarily immediately, but e.g. before he logs in ZOPE) How it is possible to change the roles of a ZOPE user in synchronization with groups in Linux? I can access Linux user-group-password structures from Python, but could I compare and modify ZOPE user passwords in Python, and how? thank you in advance Andrey
On Fri, 9 Feb 2001, Andrei Belitski wrote:
Is there a possibility to make ZOPE use the passwords of standard Linux system users?
Easy. You need a product etcUserFolder. Or you need to write a plugin for GenericUserFolder. Oleg. ---- Oleg Broytmann http://www.zope.org/Members/phd/ phd@phd.pp.ru Programmers don't die, they just GOSUB without RETURN.
On Fri, 9 Feb 2001, Andreas Tille wrote:
Easy. You need a product etcUserFolder. Or you need to write a plugin for GenericUserFolder. Hmm. I would like it if zope would be PAMified.
Then write the pamUserFolder yourself and publish it! :) Really, it sholdn't be that hard - there are so many UserFolders around - just start hacking one. Oleg. ---- Oleg Broytmann http://www.zope.org/Members/phd/ phd@phd.pp.ru Programmers don't die, they just GOSUB without RETURN.
This wouldn't be too hard. There is a pypam module written by a developer from Tummy.com that can act as a PAM client. Someone could start with the etcUserFolder code, changing it as necessary to support pypam. ----- Original Message ----- From: "Andreas Tille" <tillea@rki.de> Cc: "zope" <zope@zope.org> Sent: Friday, February 09, 2001 9:19 AM Subject: [Zope] Re: synchronize ZOPE passwords - Unix passwords
On Fri, 9 Feb 2001, Oleg Broytmann wrote:
Easy. You need a product etcUserFolder. Or you need to write a plugin for GenericUserFolder. Hmm. I would like it if zope would be PAMified.
Kind regards
Andreas.
_______________________________________________ Zope maillist - Zope@zope.org http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
Darrick, Didn't you do something with PAM? cheers, Chris Chris McDonough wrote:
This wouldn't be too hard. There is a pypam module written by a developer from Tummy.com that can act as a PAM client. Someone could start with the etcUserFolder code, changing it as necessary to support pypam.
----- Original Message ----- From: "Andreas Tille" <tillea@rki.de> Cc: "zope" <zope@zope.org> Sent: Friday, February 09, 2001 9:19 AM Subject: [Zope] Re: synchronize ZOPE passwords - Unix passwords
On Fri, 9 Feb 2001, Oleg Broytmann wrote:
Easy. You need a product etcUserFolder. Or you need to write a plugin for GenericUserFolder. Hmm. I would like it if zope would be PAMified.
Kind regards
Andreas.
_______________________________________________ Zope maillist - Zope@zope.org http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
_______________________________________________ Zope maillist - Zope@zope.org http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
On Fri, 9 Feb 2001, Chris Withers wrote:
Darrick,
Didn't you do something with PAM?
I made a rather *nasty* PAM hack out of etcUserFolder. Unfortunately, there are two small problems with it--1) either Zope has to be run as root so that libpam can parse /etc/shadow (nasty) or 2) /etc/shadow has to be group readable by the Zope process (somewhat less nasty but still nasty). Eventually I'll probably rewrite it to make calls to a setuid program. (Just as soon as I figure out how to write a program that verifies passwords without segfaulting). If anybody really *wants* to look at my pamUserFolder code and improve it, etc, I'll be happy to post it somewhere. Oh yeah--as of right now it is not 100% PAM--to get a list of users, it reads /etc/passwd. I agree, that's nasty and probably against the design philosophy of PAM, so if anybody knows how to ask PAM for a user list, I'd appreciate it very much. --Darrick Wong
Andrei Take a look at etcuserfolder on zope.org. I think it'll point you in the right direction. Phil ----- Original Message ----- From: "Andrei Belitski" <andrei.belitski@student.uni-tuebingen.de> To: <zope@zope.org> Sent: Friday, February 09, 2001 11:58 AM Subject: [Zope] synchronize ZOPE passwords - Unix passwords
Hi! Is there a possibility to make ZOPE use the passwords of standard Linux system users? So if a user of the Linux machine has changed his password it should also automatically change his password in ZOPE system (not nessesarily immediately, but e.g. before he logs in ZOPE)
How it is possible to change the roles of a ZOPE user in synchronization with groups in Linux?
I can access Linux user-group-password structures from Python, but could I compare and modify ZOPE user passwords in Python, and how?
thank you in advance Andrey
_______________________________________________ Zope maillist - Zope@zope.org http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
On Friday 9 February 2001, at 12 h 58, the keyboard of Andrei Belitski <andrei.belitski@student.uni-tuebingen.de> wrote:
Is there a possibility to make ZOPE use the passwords of standard Linux system users?
Be sure to read: http://httpd.apache.org/docs/misc/FAQ.html#passwdauth for the security implications.
participants (8)
-
Andreas Tille -
Andrei Belitski -
Chris McDonough -
Chris Withers -
Darrick J. Wong -
Oleg Broytmann -
Phil Harris -
Stephane Bortzmeyer