[Zope] NT Authentication

Jan Haul jan@haul.de
Wed, 21 Feb 2001 16:07:25 +0100


On Tuesday 20 February 2001 16:32, you wrote:
> Hi
>
> We were asked to install a Zope server over Windows NT. Problem is - the
> users registered on the NT network (classic domain, not Active
> Directory) must be able to authenticate on the Zope server.
>
> I came across a couple products (jcNTUserFolder, NTUserFolder and smb
> User Folder) to do that and would like some opinions on them. Any
> experiences?

Well, there *is* one thing I'd like to mention:
Authenticating against NT is basically the same as authenticating against 
a UNIX password file. The Apache docs warn against it for a good reason: 
The HTTP password travels the net unencrypted.
This means your NT domain user passwords are traveling through your 
Intranet or even the Internet in the clear.

If you want to do it, I'd strongly suggest putting your Zope behind Apache 
with SSL, and prohibiting direct (HTTP, not HTTPS) access.

Just my $0.02.

Jan
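
The setup suggested above, as an added example that is not part of the original message: an Apache front end that terminates SSL and is the only way to reach Zope. The host name, certificate paths, the Zope address 127.0.0.1:8080 and the presence of a VirtualHostMonster object in the Zope root are assumptions; mod_ssl, mod_proxy and mod_proxy_http must be loaded.

```apache
# Constructed example: zope.example.com, the certificate paths and the
# Zope port are placeholders, not values from the original message.

# Plain HTTP is never proxied to Zope. It only redirects to HTTPS, so the
# browser is not prompted for Basic credentials on an unencrypted
# connection.
<VirtualHost *:80>
    ServerName zope.example.com
    Redirect permanent / https://zope.example.com/
</VirtualHost>

<VirtualHost *:443>
    ServerName zope.example.com

    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/zope.example.com.pem
    SSLCertificateKeyFile /etc/ssl/private/zope.example.com.key

    # Reverse proxy only; do not act as a forward proxy.
    ProxyRequests Off

    # Assumption: Zope listens on the loopback interface only, so its
    # HTTP port cannot be reached directly from the network. If Zope is
    # bound to all interfaces, block port 8080 at the host firewall.
    #
    # Assumption: a VirtualHostMonster object exists in the Zope root.
    # The VirtualHostBase/VirtualHostRoot path segments make Zope
    # generate https://zope.example.com/ URLs instead of backend URLs.
    ProxyPass / http://127.0.0.1:8080/VirtualHostBase/https/zope.example.com:443/VirtualHostRoot/
</VirtualHost>
```

After deploying, confirm from another machine that port 8080 refuses connections and that a request to http://zope.example.com/ returns a redirect rather than an authentication prompt.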