[Grok-dev] Re: Grokwiki Security in Eggified Grok
uli at gnufix.de
Sat Aug 18 14:57:02 EDT 2007
On Saturday, 18.08.2007, at 19:22 +0200, Martijn Faassen wrote:
[snip: grok & PAU issues with admin-UI]
> > Yes, something changed. The admin-UI installs a different Pluggable
> > User-Authentication (PAU) on setup. Unfortunately no 'native' editing of
> > the users and their passwords is currently possible.
> By 'native' I assume you mean editing of this information from within
> the grok admin UI, right?
> I think it's a very high priority to enable
> this, as we don't want to rely on the obscure and ugly ZMI in any way.
I might try to do it within the GSOC time limit (i.e. until the 20th),
but will discuss this and the priority of other things to do with
Philipp beforehand. Okay?
> We also need to consider the interaction between Grok's authentication
> story and the authentication story of any grok-based application. I
> assume that someone can just install their own authentication plugin in
> their application's site and that authentication will then work for
> users defined there.
Yes. This should work out-of-the-box if I understood the PAU concept
correctly (with the help of Philipp's book).
> What about the users defined high-up by grok
> though? What can they do?
By default the PAU added by the admin-UI parses site.zcml to grab the
administrator users' name, password and roles. The setup happens only
if there is not already a PAU (of the same name and prefix) installed. I
could change this behaviour to always parse the site.zcml on start-up,
but then user management would not make sense, because it would be
overwritten on every start-up.
Currently the roles are not read from site.zcml. This will be fixed soon.
I did not examine this deeply enough yet. Basically, I expected that
everything concerning authentication would work like before, only
handled by a different PAU. This presumption was false, apparently.
I hope I can say more by tomorrow morning (and have most evil things
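
The seed-only-if-absent behaviour described in the message above, and the overwrite problem with always re-parsing, as an added example that is not part of the original message and not the admin-UI's code. The dict-based user store, the function names and the site.zcml sample are assumptions made for illustration; only the `principal` and `grant` directives are standard ZCML.

```python
import xml.etree.ElementTree as ET

ZOPE_NS = "{http://namespaces.zope.org/zope}"

# Constructed sample of a site.zcml (values are placeholders, not from the thread).
SITE_ZCML = """\
<configure xmlns="http://namespaces.zope.org/zope">
  <principal id="zope.manager" title="Manager"
             login="grok" password="initial-secret" />
  <grant role="zope.Manager" principal="zope.manager" />
  <grant role="zope.Member" principal="zope.manager" />
</configure>
"""

def parse_admins(zcml_text):
    """Return {login: {id, password, roles}} from principal/grant directives.

    The file is local, administrator-controlled configuration, so the
    standard-library parser is used on it directly.
    """
    root = ET.fromstring(zcml_text)
    roles = {}
    for grant in root.iter(ZOPE_NS + "grant"):
        if grant.get("role") and grant.get("principal"):
            roles.setdefault(grant.get("principal"), []).append(grant.get("role"))
    admins = {}
    for p in root.iter(ZOPE_NS + "principal"):
        admins[p.get("login")] = {
            "id": p.get("id"),
            "password": p.get("password"),
            "roles": sorted(roles.get(p.get("id"), [])),  # roles are read too
        }
    return admins

def bootstrap(user_store, zcml_text, always_reparse=False):
    """Seed a (hypothetical) user store from site.zcml.

    Returns True if the store was written. With always_reparse=False an
    existing store is left alone, so password changes survive a restart.
    With always_reparse=True every start-up resets it to the file contents.
    """
    if user_store and not always_reparse:
        return False
    user_store.clear()
    user_store.update(parse_admins(zcml_text))
    return True
```

With `always_reparse=True`, a password changed through any user-management UI reverts to the value in site.zcml at the next start-up, which is the trade-off the message describes.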