From: "Nagy Gabor" <linux42@...>
Sent: Thursday, January 17, 2002 12:56 AM
> On 02-Jan-17 01:41, Andrew Kenneth Milton wrote:
> > b) Build a hybrid auth source that migrates users from SMB to say a ZODB
> > auth source (or any other type). This way you slowly reduce the
> > of queries to the remote server, and move to 100% Zope manageability.
> > You can also then add users via the web that go into ZODB auth
> Hmm. My users use NTs, and they log into this domain. They are required
> to change their passwords from time to time. Migrating them into ZODB
> breaks the reason why I chose smbauthsource -> so that they can use
> their one password.
I am not sure if this applies to the problem at hand, but here goes... had a
chat with Matt on IRC to understand the problem better. If I have
misunderstood, I apologise in advance.
The problem seems to be that there are some auth services that do not list
users nor their roles and that there is a need to have that functionality in,
for instance, the smbAuthSource. Also, there is a problem in only allowing a
specific subset of the users in the auth service to be able to access the
zope app, and set a variety of roles and properties to those users.
The idea to a possible solution is that, if the auth service only allows
yes/no on a username/password combo, and roles/authorisation and properties
have to be provided and stored in another way, then it is possible to use
any authSource that stores users to do this, taking advantage of the
In short, the remoteAuthMethod authenticates all users with valid uname/pw,
but only those present in the authSource listing get validated by xuf. It
would also be possible to create users in advance and assign them roles,
and to "harvest" usernames from successful login attempts, etc.
So, the trick would be to provide a remoteAuthVersion of smbAuth and hook it
up to, say zodbAuthSource or pgAuthSource, etc...
I am sure that some customisation would be needed (i.e. when creating users,
ignore the password, etc), but it might suffice with minimal changes.
Hope this helps.
Dario Lopez-Kästen Systems Developer Chalmers Univ. of Technology
dario@... ICQ will yield no hits IT Systems & Services
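
The split proposed in this message, as an added sketch that is not part of the original post and is not exUserFolder code: the remote service only answers yes/no on a username/password pair, while membership and roles live in a local store. All names (`HybridAuth`, `LocalUser`, `fake_smb_check`) and the sample accounts are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, Optional, Tuple


@dataclass
class LocalUser:
    roles: Tuple[str, ...] = ()
    enabled: bool = True  # harvested names are stored disabled, with no roles


@dataclass
class HybridAuth:
    # remote_check stands in for the SMB check: it answers only True/False.
    remote_check: Callable[[str, str], bool]
    users: Dict[str, LocalUser] = field(default_factory=dict)
    harvest: bool = False

    def add_user(self, name: str, roles=()) -> None:
        # Pre-provision a user with roles; no password is ever stored locally.
        self.users[name.lower()] = LocalUser(tuple(roles))

    def validate(self, name: str, password: str) -> Optional[Tuple[str, ...]]:
        """Return the user's roles, or None when access is denied."""
        key = name.lower()  # assumption: account names are case-insensitive
        try:
            # Assumption: empty passwords are never forwarded to the remote side.
            ok = bool(password) and self.remote_check(name, password)
        except Exception:
            ok = False  # a remote outage or error fails closed
        if not ok:
            return None
        user = self.users.get(key)
        if user is None:
            if self.harvest:  # remember the name for an admin, grant nothing
                self.users[key] = LocalUser(enabled=False)
            return None
        return user.roles if user.enabled else None


# Constructed stand-in for the domain controller (sample data only).
_DOMAIN = {"alice": "s3cret", "bob": "hunter2"}


def fake_smb_check(name: str, password: str) -> bool:
    return _DOMAIN.get(name.lower()) == password
```

A valid domain password alone grants nothing here: access requires a local entry, and a harvested name stays disabled until an administrator enables it and assigns roles.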