[Zope] PAM Authentication & RSA Authentication Manager

[Andrew Milton]

+-------[ Tom Trelvik ]----------------------
| Chris Withers wrote:
| >PluggableAuthenticationService is your friend, you may not even need PAM 
| >;-)
| 
| 	I'm sure PluggableAuthService -- and exUserFolder, etc. -- are great 
| and all, but if you don't mind my asking the dumb question ... why 
| reinvent a perfectly good wheel?  This seems like exactly the kind of 
| thing PAM was designed for.  One product introducing PAM support would 
| eliminate the need to support most of these other authentication 
| schemes.  And with the kind of extensibility already available, it'd 
| still be perfectly possible to create your own authentication method if 

1st, you need PAM support on every platform.

2nd, you need python/zope bindings for PAM that don't impose licensing restrictions
on you. The current PyPAM bindings are GPL (not even LGPL), so that pretty
much restricts the pool of people willing to bind to them. (Motivation for me
to write my own bindings is pretty low).

3rd, you underestimate just what people want out of their web app. They don't
want to setup PAM and deal with new mysterious TLA crap, when their database or 
NT server is already working just fine. 

4th, people use these things to manage users not just auth them, and PAM
unfortunately doesn't do that.

In other words, if people wanted it badly enough, it'd be done.

Let me know when you're finished d8)

-- 
Andrew Milton
akm at theinternet.com.au