[ZODB-Dev] CHAP with ZEO

Michel Pelletier michel@digicool.com
Mon, 21 May 2001 15:18:12 -0700 (PDT)


Based on a thread we had a couple weeks ago, I have been doing some
experimentation with adding CHAP (Challenge Handshake Auth. Protocol) to
the ZEO client/server. CHAP is a simple, widely used authentication
protocol best known for its use in the PPP world:

http://www.faqs.org/rfcs/rfc1994.html

I have come up with a little prototype that implements CHAP between a
client and a server. I believe that this brings a medium level of
security to ZEO, allowing (reasonably cautious) people to open up access to
their ZEO servers over unprotected networks with a little bit more peace
of mind.

Encrypted transport and many other security features are way out of CHAP's
scope; this is just simple challenge authentication that is reasonably
secure because no passwords are transmitted in the clear. Encryption can
still be done, of course, with stunnel or ssh for the more paranoid, as it
is done today.

Is this something we should think about rolling into ZEO? This may
encourage people to build more distributed Zope sites, possibly even large
clusters run by the community. The implementation was done by subclassing
StorageServer and ClientStorage, so it's totally b/w compatible and
optional.

-Michel
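The handshake the post describes, as an added example that is not Michel's prototype or any ZEO code: both sides of the RFC 1994 exchange (Response = MD5(Identifier || secret || Challenge)), with the fresh single-use challenge, shared-secret table and constant-time comparison the verifying side needs. The names ChapServer, chap_handshake and the secret table are assumptions for illustration.

```python
import hashlib
import hmac
import os

# Constructed example secret table keyed by peer name. CHAP needs the
# server to hold each secret in recoverable form, so this store must be
# protected as carefully as the passwords it replaces on the wire.
SECRETS = {"zeo-client-1": b"example-shared-secret"}


def chap_response(identifier, secret, challenge):
    """RFC 1994 section 4.1: Response = MD5(Identifier || secret || Challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class ChapServer:
    """Authenticator side: issues a fresh challenge, verifies the response."""

    def __init__(self, secrets):
        self._secrets = secrets
        self._pending = {}   # identifier -> outstanding challenge
        self._next_id = 0    # CHAP Identifier is a single octet

    def challenge(self):
        identifier = self._next_id
        self._next_id = (self._next_id + 1) % 256
        challenge = os.urandom(16)  # unpredictable, so old responses don't replay
        self._pending[identifier] = challenge
        return identifier, challenge

    def verify(self, identifier, name, response):
        challenge = self._pending.pop(identifier, None)  # single use
        secret = self._secrets.get(name)
        if challenge is None or secret is None:
            return False
        expected = chap_response(identifier, secret, challenge)
        # Constant-time compare so timing does not leak how many bytes matched.
        return hmac.compare_digest(expected, response)


def chap_handshake(server, name, secret):
    """Peer side: request a challenge, answer it, return the server's verdict."""
    identifier, challenge = server.challenge()
    return server.verify(identifier, name, chap_response(identifier, secret, challenge))
```

The secret never crosses the wire; only the identifier, the random challenge and the digest do, which is exactly what the post means by "no passwords are transmitted in the clear".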