[Zope-dev] Re: FW: [Zope-dev] pam authentication support with PyPam

[Michel Pelletier]

Alexander Staubo wrote:
> 
> Have you given any thoughts to my comments?

Yes, sorry for the delay.
> 
> >
> > There are two aspects of the current security subsystem that bug me.
> >
> > The first is the fact that only user folders are accumulative
> > only at folder boundaries. You cannot create one UserFolder
> > and one NTUserFolder at the same level and have them co-opt
> > the user authentication responsibility.

I think this is a good idea, I wonder if the Generic User Folder
recently prototyped (hey, who did that? I can't find any artifacts to it
anywhere) does this.

> >
> > The second, more serious gripe is with the security
> > permission model. Look at NT 4.0 and the security UI that
> > comes with SP4/SP5's Security Configuration Manager for a
> > good example (installing it will upgrade NT's security
> > dialogs with a new UI).

<snip good stuff>

There are really deep and fundamental issues, I can see exactly what
you're talking about, but implimentation could take a while, last time i
looked at the security system I shuddered.

Have you looked into implimentation?  This is sort of a seperate issue
from the user folder abstraction thing.

-Michel