[Zope] PAM Authentication & RSA Authentication Manager
Jens Vagelpohl
jens at dataflake.org
Tue Feb 1 18:53:33 EST 2005
On Feb 1, 2005, at 20:42, Tom Trelvik wrote:
> Andrew Milton wrote:
>> 1st, you need PAM support on every platform.
>
> True, but it's not like this is the only non-Zope dependency. For
> example, to use LDAPUserFolder I need python-ldap.
Yes? That's available even on lesser operating systems from M$. Is PAM?
> Now this makes the most sense. Unfortunately, it also doesn't apply
> to my situation, as I'm part of a larger organization, and want to use
> the preexisting centralized LDAP (which I of course only have read
> access to) to manage authentication so my users don't need a new set
> of usernames/passwords, but I'll be *managing* the users locally (Not
> sure yet exactly how that's going to work, still working through
> documentation and whatnot (but I certainly wouldn't mind any
> pointers)).
You can use the LDAPUserFolder in read-only mode so it does not try to
write back to the directory and store group/role information on the
LDAPUserFolder itself. That way the users log in with the same
credentials *and* you can manage the roles they get in the Zope context
locally. It's just a matter of configuration.
jens
More information about the Zope
mailing list