[Zope-PTK] password policy change interface

Bill Anderson bill@libc.org
Tue, 05 Sep 2000 22:00:54 -0600


Chris Withers wrote:
> 
> Hi,
> 
> again, sorry for being so late into this discussion...
> 
> It looks like there have been lots of great ideas exchanged :-)
> 
> I don't really have a preference for any of them, but the thing which
> I'm really keen to make sure is heard is this:
> 
> Whatever happens, can we please make sure the interfaces behind this
> whole password area are flexible enough that _any_ of the discussed
> methods _can_ be implemented, preferably just by using the overridable
> interface or something similar to customize the appropriate portal tool.
> 
> All the discussed methods have both plusses and minuses, and it'd be a
> shame to restrict which options you can use, beyond the absolutely
> necessary...

Well, as I have mentioned, I am working on a policy object for user authentication schemes. And I am doing a lot of the
code in ttw Python methods, so it should be rather easy to modify to suit your needs. :)

As the methods stabilize and standardize, the default ones may be merged into the Python side of it (Membership
proper), and the alternative behaviours could be overridden by ttw Python Methods.

Needless to say, I am still working on the Security Policy Object. I _want_ to have 0.8 out in the next two weeks, and
0.9 out within 2 weeks from there, and a 1.0 release about a week or two after that.

I want to have the 1.0 features in no later than 0.8.5. That means for those who have patches, I need them in the next
two weeks if you want a chance at them being integrated. Some have patches for simple user deletion, some have PTK
integration work done. I am not too hip on reinventing it, so I am concentrating on other features and code, allowing
their patches to round it out.

The 0.9 should mainly be documentation and bugfixing/stabilization.

I am envisioning the interface side to actually call the policy object, which will implement the appropriate methods.
The default will be to store passwords in encrypted format, with forgetful users getting a new password. It is also
likely this new password will have to be changed on login. I am also planning on limiting the new password requests to
one per day. This sounds like a reasonable default.

This Policy Plugin setup will allow custom policy arrangements, even on a per-portal basis within the same zope server.

Whaddya think of that?



--
Do not meddle in the affairs of sysadmins, for they are easy to annoy,
and have the root password.
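The default policy described in the message above (passwords stored in non-reversible form, a new temporary password for forgetful members that must be changed at the next login, and one new-password request per day), written out as an added Python example; it is not Bill's code nor part of the Membership product. The class and method names are assumptions, password storage is shown as salted PBKDF2 hashing rather than reversible encryption, and the iteration count is chosen for the example.

```python
import hashlib
import hmac
import secrets
import time

PBKDF2_ROUNDS = 100_000        # assumed iteration count for this example
RESET_INTERVAL = 24 * 60 * 60  # default: one new-password request per day


class DefaultPasswordPolicy:
    """Hypothetical policy object: salted-hash storage, reset by issuing a
    temporary password, forced change on next login, one reset per day."""

    def __init__(self, clock=time.time):
        self.clock = clock   # injectable clock so the daily limit is testable
        self.members = {}    # user -> {salt, digest, must_change, last_reset}

    def _hash(self, password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)

    def set_password(self, user, password):
        rec = self.members.setdefault(user, {"last_reset": None})
        rec["salt"] = secrets.token_bytes(16)
        rec["digest"] = self._hash(password, rec["salt"])
        rec["must_change"] = False   # a password the member chose clears the flag

    def check_password(self, user, password):
        rec = self.members.get(user)
        if rec is None:
            return False
        return hmac.compare_digest(rec["digest"], self._hash(password, rec["salt"]))

    def request_new_password(self, user):
        """Forgetful-user path. Returns the temporary password, or None when
        the member is unknown or already asked for one within the last day."""
        rec = self.members.get(user)
        now = self.clock()
        if rec is None or (rec["last_reset"] is not None and now - rec["last_reset"] < RESET_INTERVAL):
            return None   # same answer for both cases, so nothing is revealed about the account
        temp = secrets.token_urlsafe(9)
        self.set_password(user, temp)   # stored hashed, like any other password
        rec["must_change"] = True       # must be changed at the next login
        rec["last_reset"] = now
        return temp

    def login(self, user, password):
        """Returns 'ok', 'change_required' or 'denied'."""
        if not self.check_password(user, password):
            return "denied"
        return "change_required" if self.members[user]["must_change"] else "ok"
```

The temporary password would be delivered to the member out of band (e.g. by mail); the policy object only decides whether one may be issued and what happens at the next login.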