[Zope-CMF] caching clear-text passwords

Encolpe DEGOUTE edegoute at nuxeo.com
Thu Dec 18 06:00:30 EST 2003

Dans local.lists.zope.zope-cmf srobroek at plexus.leidenuniv.nl écrivit:

| Hello everyone,
| I have a tricky situation at my hands, and i'd like to ask your help. 
| We use a LDAP tree here which stores the user accounts. The passwords are
| encrypted, and we're not allowed to change anything about this. A new testing
| portal using plone 2.0 also authenticates against this LDAP tree, everything's
| working nice. Now the problem: management wants to be able to integrate legacy
| web applications in the portal, using single-signon. Since the passwords are
| retrieved encrypted from LDAP the usual getpassword methods are no option.
| Changing the legacy applications is no option either, since most are custom
| built, closed source, and would be very hard to modify to accept pre-encrypted
| passwords. (Yes, it really stinks).
| disclaimer: yes, i know storing passwords clear-text is stupid, dangerous, and
| not done, but i don't really have an option. I need to tell people it can or
| can't be done, and if it can be done technically, i'd prefer to give them a yes.

See the session cookie.
__ac_name and __ac are store here.

Encolpe DEGOUTE, Ingenieur Logiciel, Nuxeo SARL: Zope Service Provider.
Mail: edegoute at nuxeo.com - Tel: +33 (0)1 40 33 79 18
Nuxeo Collaborative Portal Server: http://www.nuxeo.com/cps
Gestion de contenu web / portail collaboratif / groupware / open source

More information about the Zope-CMF mailing list