[Zope] Re: synchronize ZOPE passwords - Unix passwords

Darrick J. Wong <djwong@ucsd.edu>
Fri, 9 Feb 2001 10:10:11 -0800 (PST)


On Fri, 9 Feb 2001, Chris Withers wrote:

> Darrick,
>
> Didn't you do something with PAM?

I made a rather *nasty* PAM hack out of etcUserFolder.  Unfortunately,
there are two small problems with it--1) either Zope has to be run as root
so that libpam can parse /etc/shadow (nasty) or 2) /etc/shadow has to be
group readable by the Zope process (somewhat less nasty but still nasty).
Eventually I'll probably rewrite it to make calls to a setuid program.
(Just as soon as I figure out how to write a program that verifies
passwords without segfaulting).

If anybody really *wants* to look at my pamUserFolder code and improve it,
etc, I'll be happy to post it somewhere.

Oh yeah--as of right now it is not 100% PAM--to get a list of users, it
reads /etc/passwd.  I agree, that's nasty and probably against the design
philosophy of PAM, so if anybody knows how to ask PAM for a user list, I'd
appreciate it very much.

--Darrick Wong
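
Added example, not part of the original message and not the pamUserFolder code: a sketch of the caller side of the setuid-helper design mentioned above, so that the Zope process neither runs as root nor reads /etc/shadow. The helper path, the two-line stdin protocol and the "exit status 0 means accepted" convention are assumptions made for illustration; a /bin/sh stand-in replaces the real helper so the code runs without root.

```python
import re
import subprocess

# Hypothetical path of a small setuid-root verifier (assumption, not a real tool).
HELPER = ["/usr/local/libexec/zope-chkpwd"]

# Constructed stand-in helper for demonstration: accepts one hard-coded pair.
DEMO_HELPER = [
    "/bin/sh", "-c",
    'read -r u; read -r p; [ "$u" = alice ] && [ "$p" = "correct horse" ]',
]

# Conservative login-name pattern; rejects anything that could break the
# line-based protocol or be mistaken for an option.
_USERNAME_RE = re.compile(r"^[a-z_][a-z0-9_-]{0,31}$")


def check_password(username, password, helper=HELPER, timeout=5):
    """Return True only if the helper exits 0; every error fails closed."""
    if not _USERNAME_RE.match(username):
        return False
    # One credential per line: an embedded newline or NUL would let the
    # caller smuggle extra fields to the privileged side.
    if "\n" in password or "\0" in password:
        return False
    payload = f"{username}\n{password}\n".encode()
    try:
        proc = subprocess.run(
            helper,                     # argv list, no shell involved
            input=payload,              # secret goes over stdin, never argv
            stdout=subprocess.DEVNULL,
            stderr=subprocess.DEVNULL,
            env={},                     # pass no caller environment along
            close_fds=True,
            timeout=timeout,            # a hung helper must not hang Zope
        )
    except (OSError, subprocess.SubprocessError):
        return False                    # missing helper, timeout, etc.
    return proc.returncode == 0


if __name__ == "__main__":
    print(check_password("alice", "correct horse", helper=DEMO_HELPER))
    print(check_password("alice", "wrong", helper=DEMO_HELPER))
```

The helper itself stays tiny and is the only piece that needs to read /etc/shadow; the web process only ever sees a yes/no answer.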