[Zope-CMF] caching clear-text passwords

srobroek at plexus.leidenuniv.nl srobroek at plexus.leidenuniv.nl
Thu Dec 18 07:26:34 EST 2003


Quoting Encolpe DEGOUTE <edegoute at nuxeo.com>:

> In local.lists.zope.zope-cmf srobroek at plexus.leidenuniv.nl wrote:
> 
> | Hello everyone,
> | I have a tricky situation on my hands, and I'd like to ask your help.
> |
> | We use an LDAP tree here which stores the user accounts. The passwords are
> | encrypted, and we're not allowed to change anything about this. A new testing
> | portal using Plone 2.0 also authenticates against this LDAP tree, everything's
> | working nicely. Now the problem: management wants to be able to integrate legacy
> | web applications in the portal, using single-signon. Since the passwords are
> | retrieved encrypted from LDAP the usual getpassword methods are no option.
> | Changing the legacy applications is no option either, since most are custom
> | built, closed source, and would be very hard to modify to accept pre-encrypted
> | passwords. (Yes, it really stinks).
> |
> | disclaimer: yes, I know storing passwords clear-text is stupid, dangerous, and
> | not done, but I don't really have an option. I need to tell people it can or
> | can't be done, and if it can be done technically, I'd prefer to give them a yes.
> 
> See the session cookie.
> __ac_name and __ac are stored here.

I looked at the cookie, but only __ac_name is stored in it. AFAIK __ac_password
is deleted as soon as authentication has succeeded.

> 
> -- 
> Encolpe DEGOUTE, Software Engineer, Nuxeo SARL: Zope Service Provider.
> Mail: edegoute at nuxeo.com - Tel: +33 (0)1 40 33 79 18
> Nuxeo Collaborative Portal Server: http://www.nuxeo.com/cps
> Web content management / collaborative portal / groupware / open source