[Zope-CMF] Integrating legacy applications in Zope

srobroek at plexus.leidenuniv.nl
Thu Nov 27 06:31:45 EST 2003


I'm having a problem with the development of a new CMF portal, concerning the
integration of legacy web applications.

Normally one could use the password recovery options in Zope/CMFCore to
single sign-on users against such applications, but we are using authentication
against an LDAP server, which only contains encrypted passwords. Some of the
applications are closed-source (alas), so modifying them is not an option.

My question is: is it possible to store the user's unencrypted password (which
is given during login) in a variable which exists as long as the user is logged
in, and which can be easily retrieved, to use it to authenticate such legacy
applications?

The only real requirement is that it must be safe, that, in case of an exploit,
a script could only read the currently logged-in user's password, and that it
expires as soon as the user logs out, etc.

If someone could give me a push in the right direction, I'd be very grateful.

Sjors Robroek





