On Sun, Feb 20, 2011 at 12:39, Martijn Pieters <m...@zopatista.com> wrote:
>> Yes, changing the existing interface would require a 4.0. If you'd add
>> a new interface extending the IPasswordManager one, we could do it in
>> a 3.x release.
>>
>> A new zope.password 3.x release could go into both ZTK 1.1 and 1.0, a
>> backwards incompatible 4.0 would have to wait for ZTK 1.2.
>
> Right. What would be a suitable name for the extended interface?
> IMatchingPasswordManager?
>
> I've committed a revision that implements this as an extension to the
> existing interface:
>
> http://zope3.pov.lt/trac/changeset/120458/zope.password/trunk
>
> but that's easy enough to change.
>
> I've also found that the SHA1 scheme in zope.password uses the {SHA1}
> prefix, which is incompatible with LDAP and
> AccessControl.AuthEncoding, which both use {SHA} instead. I'll change
> zope.password to support {SHA} as well, defaulting to that prefix.

I've implemented the {SHA} prefix change, as well as implemented {CRYPT}
support, making zope.password useful for all schemes explicitly named in
RFC 2307, except the MD5 scheme. The latter uses a salt by default,
making it incompatible with LDAP {MD5}.

OpenLDAP implements a salted MD5 scheme ({SMD5}) but places the salt at
the end of the hash, not at the beginning as the zope.password manager
implements it. I think I can keep that one backwards compatible but
disable support for generating hashes with a salt, and add an SMD5
manager to implement a compatible scheme.

With all the new password managers, this will be at least a 3.7 release,
with a separate extended interface.

--
Martijn Pieters
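
The prefix and salt-placement incompatibilities described in this message, as an added example that is not part of the original post and is not zope.password's code. The function names are hypothetical, and `encode_salt_first` is a constructed salt-first layout used only to show the mismatch, not a claim about zope.password's exact encoding.

```python
import base64
import hashlib
import hmac
import os

MD5_LEN, SHA1_LEN = 16, 20  # digest sizes in bytes

def encode_sha(password: bytes) -> bytes:
    """RFC 2307 {SHA}: base64 of the unsalted SHA-1 digest."""
    return b"{SHA}" + base64.b64encode(hashlib.sha1(password).digest())

def encode_smd5(password: bytes, salt: bytes = b"") -> bytes:
    """OpenLDAP-style {SMD5}: base64(md5(password + salt) + salt)."""
    salt = salt or os.urandom(4)
    digest = hashlib.md5(password + salt).digest()
    return b"{SMD5}" + base64.b64encode(digest + salt)

def encode_salt_first(password: bytes, salt: bytes) -> bytes:
    """Constructed layout with the salt in front (assumption, see lead-in)."""
    digest = hashlib.md5(salt + password).digest()
    return b"{SMD5}" + base64.b64encode(salt + digest)

def check(password: bytes, stored: bytes) -> bool:
    """Verify a password against a {SHA} or {SMD5} value."""
    if not stored.startswith(b"{") or b"}" not in stored:
        return False
    scheme, _, encoded = stored[1:].partition(b"}")
    try:
        raw = base64.b64decode(encoded, validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return False
    if scheme.upper() == b"SHA" and len(raw) == SHA1_LEN:
        return hmac.compare_digest(raw, hashlib.sha1(password).digest())
    if scheme.upper() == b"SMD5" and len(raw) > MD5_LEN:
        digest, salt = raw[:MD5_LEN], raw[MD5_LEN:]  # salt trails the digest
        expected = hashlib.md5(password + salt).digest()
        return hmac.compare_digest(digest, expected)
    return False  # unknown prefix (for example {SHA1}) or malformed value

if __name__ == "__main__":
    salt = b"\x01\x02\x03\x04"  # constructed sample salt
    print(encode_sha(b"password"))
    print(check(b"secret", encode_smd5(b"secret", salt)))        # salt last
    print(check(b"secret", encode_salt_first(b"secret", salt)))  # salt first
```

A verifier written for the salt-last layout rejects the salt-first value even with the correct password, which is why a separate manager is needed for each layout.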