[Zope] PAM user folders?

[Tres Seaver]

"Andrew H. Chatham" <andrew.chatham@duke.edu> wrote:

>         I'm not sure if this is the right mailing list to ask (maybe
> zope-dev?), but here's what I'm trying to do. I need to authenticate
> potentially a very large number of people off of kerberos5. To my knowledge
> there's no krb5 userfolder or anything like that; I could write one, but it
> seems that it would be much more elegant and possibly easier to use some sort
> of PAM authentication and then just use a PAM-krb5 module.
> 
>         But it doesn't seem like there's a PAM-Zope interface either, is there?
> Or am I just not seeing it? There seemed to be some discussion previously of
> how that would be a good idea, but I never sawa conclusion. If there is no such
> animal, I guess I'll write one. Is my impression that things are moving towards
> LoginManager plugins correct? Would that be the ideal place to put this kind of
> thing? Has anyone attempted to do much with this? I would imagine with the
> PyPAM module it wouldn't be terribly difficult, but I'd rather not duplicate
> effort if I don't have to.

A lot of the "common abstraction" benefits of using PAM are perhaps
eclipsed by the much higher-level abstractions offered by the LoginManager
product.  I think the best approach would be to work with Phillip Eby and Ty
Sarna (the developers of LoginManager) who are about to release an
LDAP-enabled LM derivative.  My guess is that writing a PAM/kerberos LM
derivative will be a SMOP, given the LDAP version as a model (think, "writing
an ethernet driver for Linux, for a NIC much like the 3C509").

Tres.
-- 
=========================================================
Tres Seaver  tseaver@digicool.com   tseaver@palladion.com