[Zope] PAM Authentication & RSA Authentication Manager

Tom Trelvik ttt at cwru.edu
Tue Feb 1 14:42:39 EST 2005


Andrew Milton wrote:
> 1st, you need PAM support on every platform.

	True, but it's not like this is the only non-Zope dependency.  For 
example, to use LDAPUserFolder I need python-ldap.

> 2nd, you need python/zope bindings for PAM that don't impose licensing restrictions
> on you. The current PyPAM bindings are GPL (not even LGPL), so that pretty
> much restricts the pool of people willing to bind to them. (Motivation for me
> to write my own bindings is pretty low).

	I'm not sure I understand the implications here.  Most of this code is 
already open source anyway, right?  Wouldn't the GPL terms only apply to 
code that its code gets used in, and not some other program that calls it?

> 3rd, you underestimate just what people want out of their web app. They don't
> want to setup PAM and deal with new mysterious TLA crap, when their database or 
> NT server is already working just fine. 

	Oh of course, I completely agree, but like I said, other authentication 
modules are of course still available if you need something PAM doesn't 
handle or need a home grown solution of some sort.  I of course 
understand the need for that.

> 4th, people use these things to manage users not just auth them, and PAM
> unfortunately doesn't do that.

	Now this makes the most sense.  Unfortunately, it also doesn't apply to 
my situation, as I'm part of a larger organization, and want to use the 
preexisting centralized LDAP (which I of course only have read access 
to) to manage authentication so my users don't need a new set of 
usernames/passwords, but I'll be *managing* the users locally (Not sure 
yet exactly how that's going to work, still working through 
documentation and whatnot (but I certainly wouldn't mind any pointers)).

> In other words, if people wanted it badly enough, it'd be done.

	I can't really dispute that, it's certainly been thoroughly 
demonstrated by all the other products people have come out with to suit 
their needs.

> Let me know when you're finished d8)

	Ha, I wish.  Unfortunately, I'm still quite new to Zope/Plone, and 
haven't touched python yet at all (Blasphemous, I know!).  But perhaps 
someday (so I'm optimist) ...

Thanks for the informative response!

Tom


More information about the Zope mailing list