[Zope-CMF] caching clear-text passwords

srobroek at plexus.leidenuniv.nl
Thu Dec 18 05:49:52 EST 2003


Hello everyone,
I have a tricky situation on my hands, and I'd like to ask for your help.

We use an LDAP tree here which stores the user accounts. The passwords are
encrypted, and we're not allowed to change anything about this. A new testing
portal using Plone 2.0 also authenticates against this LDAP tree, and everything's
working nicely. Now the problem: management wants to be able to integrate legacy
web applications in the portal, using single sign-on. Since the passwords are
retrieved encrypted from LDAP, the usual getpassword methods are not an option.
Changing the legacy applications is not an option either, since most are custom
built, closed source, and would be very hard to modify to accept pre-encrypted
passwords. (Yes, it really stinks.)

Now I was thinking about storing the user's clear-text password either
in a cache of some sort, storing it when they log in and destroying it when
they log out or time out, or (for ease of use) storing it in a user preference,
then deleting the value as they log out.

I don't really know where to start though, with either method. If someone could
push me in the right direction, to the file I need to modify, or anything that
would help, I'd be grateful.


Disclaimer: yes, I know storing passwords clear-text is stupid, dangerous, and
not done, but I don't really have an option. I need to tell people it can or
can't be done, and if it can be done technically, I'd prefer to give them a yes.

Sjors Robroek
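The first option sketched above (hold the credential only for the life of the login session, drop it on logout or after a timeout) is the less bad of the two, and its mechanics are simple enough to show in a few dozen lines. The class below is an added illustration written for this archive page; it is not code from the poster, from Plone, or from any LDAP product, and it makes no attempt to hook into Zope's actual session or user-folder machinery (the `login`/`get`/`logout`/`sweep` names and the `ttl` parameter are this example's own). It keeps entries only in process memory, binds each one to an opaque random token rather than to a username, applies a sliding expiry, and overwrites the buffer on removal so that an expired or logged-out credential does not linger until the garbage collector gets to it.

```python
import secrets
import time
from typing import Callable, Dict, Optional, Tuple


class SessionCredentialCache:
    """In-memory, session-scoped holder for a credential that must be
    re-presented to a legacy application during single sign-on.

    Design points (this is an illustrative example, not a Zope/Plone API):
      * entries live only in this process's memory, never on disk or in a
        user preference object;
      * the lookup key is a random token handed out at login, so a leaked
        username alone identifies nothing in the cache;
      * entries expire after `ttl` seconds without use (sliding expiry);
      * removal overwrites the stored bytes before dropping the entry.
    """

    def __init__(self, ttl: float = 900.0,
                 clock: Callable[[], float] = time.monotonic) -> None:
        self._ttl = ttl
        self._clock = clock            # injectable for deterministic tests
        self._entries: Dict[str, Tuple[bytearray, float]] = {}

    def login(self, password: str) -> str:
        """Store the credential for a fresh session; return the session token."""
        token = secrets.token_urlsafe(32)
        self._entries[token] = (bytearray(password.encode("utf-8")), self._clock())
        return token

    def get(self, token: str) -> Optional[str]:
        """Return the credential for a live session, or None if unknown/expired."""
        entry = self._entries.get(token)
        if entry is None:
            return None
        buf, last_used = entry
        if self._clock() - last_used > self._ttl:
            self.logout(token)         # expired: purge rather than serve
            return None
        self._entries[token] = (buf, self._clock())   # refresh sliding expiry
        return buf.decode("utf-8")

    def logout(self, token: str) -> bool:
        """Purge one session; overwrite the buffer first. False if not present."""
        entry = self._entries.pop(token, None)
        if entry is None:
            return False
        buf, _ = entry
        for i in range(len(buf)):
            buf[i] = 0
        return True

    def sweep(self) -> int:
        """Purge every expired entry (call periodically); return how many."""
        now = self._clock()
        expired = [t for t, (_, last) in self._entries.items()
                   if now - last > self._ttl]
        for token in expired:
            self.logout(token)
        return len(expired)

    def __len__(self) -> int:
        return len(self._entries)
```

Two caveats a practitioner would want alongside this: the `str` returned by `get` is an immutable Python object that cannot be wiped, so the overwrite in `logout` is best-effort and only covers the cache's own copy; and because the token is the only handle on the entry, it must be carried in the same server-side session store that the portal already trusts, never exposed to the browser in a cookie of its own.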
