[Grok-dev] Re: Grokwiki Security in Eggified Grok

Uli Fouquet uli at gnufix.de
Sat Aug 18 14:57:02 EDT 2007

Hi Martijn,

On Saturday, 18.08.2007, at 19:22 +0200, Martijn Faassen wrote:
[snip: grok & PAU issues with admin-UI]
> > 
> > Yes, something changed. The admin-UI installs a different Pluggable
> > User-Authentication (PAU) on setup. Unfortunately no 'native' editing of
> > the users and their passwords is currently possible.
> By 'native' I assume you mean editing of this information from within 
> the grok admin UI, right?

Exactly. :-)

>  I think it's a very high priority to enable 
> this, as we don't want to rely on the obscure and ugly ZMI in any way.

I might try to do it within the GSOC time limit (i.e. until the 20th),
but will discuss this and the priority of other things to do with
Philipp beforehand. Okay?

> We also need to consider the interaction between Grok's authentication 
> story and the authentication story of any grok-based application. I 
> assume that someone can just install their own authentication plugin in 
> their application's site and that authentication will then work for 
> users defined there.

Yes. This should work out-of-the-box if I understood the PAU concept
correctly (with help of Philipp's book).

>  What about the users defined high-up by grok 
> though? What can they do?

By default the PAU added by the admin-UI parses site.zcml to grab the
administrator users' name, password and roles. The setup happens only
if there is not already a PAU (of the same name and prefix) installed. I
could change this behaviour to always parse the site.zcml on start-up,
but then a user management would not make sense, because it would be
overwritten on every start-up.

Currently the roles are not read from site.zcml. This will be fixed soon.

I did not examine this deeply enough yet. Basically, I expected that
everything concerning authentication would work like before, only
handled by a different PAU. This presumption was false, apparently.

I hope I can say more by tomorrow morning (and have most evil things
fixed) ;-)

Kind regards,
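
The seed-once versus always-parse trade-off described in the message above, as an added sketch that is not part of the original post and is not the admin-UI's code. The `site.zcml` content, the dict-based user store and all function names are constructed for illustration, and reading roles from `grant` directives is an assumption.

```python
import xml.etree.ElementTree as ET

ZOPE_NS = "{http://namespaces.zope.org/zope}"

# Constructed sample site.zcml (not taken from the thread).
SITE_ZCML = """<configure xmlns="http://namespaces.zope.org/zope">
  <principal id="zope.manager" title="Manager" login="grok"
             password="initial-secret" />
  <grant role="zope.Manager" principal="zope.manager" />
</configure>"""


def parse_principals(zcml_text):
    """Return {login: {"id", "password", "roles"}} from principal/grant directives."""
    root = ET.fromstring(zcml_text)
    roles = {}
    for grant in root.iter(ZOPE_NS + "grant"):
        if grant.get("role") and grant.get("principal"):
            roles.setdefault(grant.get("principal"), []).append(grant.get("role"))
    users = {}
    for p in root.iter(ZOPE_NS + "principal"):
        users[p.get("login")] = {
            "id": p.get("id"),
            "password": p.get("password"),
            "roles": roles.get(p.get("id"), []),
        }
    return users


def seed_on_setup(store, zcml_text):
    """Seed only when no user store exists yet (the behaviour described in the mail)."""
    if store is None:
        return parse_principals(zcml_text), True
    return store, False


def seed_always(store, zcml_text):
    """Alternative from the mail: re-read site.zcml on every start-up."""
    merged = dict(store or {})
    merged.update(parse_principals(zcml_text))  # replaces entries edited at runtime
    return merged


def demo():
    store, seeded = seed_on_setup(None, SITE_ZCML)      # first start
    store["grok"]["password"] = "changed-in-ui"         # later user management
    rotated = SITE_ZCML.replace("initial-secret", "rotated-secret")
    kept, reseeded = seed_on_setup(store, rotated)      # restart, seed-once
    overwritten = seed_always(store, rotated)           # restart, always-parse
    return seeded, reseeded, kept["grok"]["password"], overwritten["grok"]["password"]
```

With seed-once, a password rotated in `site.zcml` after the first start is not applied; with always-parse, it is applied but any change made through user management is lost on restart.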


