[Zope-dev] pam authentication support with PyPam

[Michel Pelletier]

Regardless of whether or not Zope has a PAM folder (which I think is a
good idea) we need to discuss an upcomming problem with Zope user
authentication: the proliferation of user folders.

The problem is there are now quite a few user folders that all kinda
look the same, smell the same, and share a good bit of code.  This is
very brittle.  The 'backends' should be abstracted away from the
'frontend' and we should return to the original state of grace, one type
of user folder.

At the moment if we were to change an aspect of Zope authentication that
would break existing user folders, we would have to go and fix every
single one, the orpaned ones without maintainers (like etcUserFolder, my
personal orphan) would simply remain broken until someone got frustrated
enough to fix them.  This is a pretty bad state of affairs.

So lets fire up a discussion on what kind of model we could impliment to
have a generic user folder with pluggable backends (one of which could
be PAM).  It might even be a good idea to look *at* PAM for some ideas,
anyone here a PAM expert?

Hmm.. it might also be nice to take Membership and the ZPT into
consideration here, like support for extensable user objects (if the
'backend' supports it) etc.

-Michel