Hi Stephen,
--On January 11, 2008 8:26:04 AM -0500 Stephen Bowman <[EMAIL PROTECTED]>
wrote:
Yes, that is what I thought. I, and I think many many others, would like
to use PAM for just the authentication piece, and then fall on another
directory service (XML) to do the provisioning.
In the short term you can do this:
- Configure the server to use the XML accounts.
- Then modify/override the
twistedcaldav.directory.xmlfile.XMLDirectoryRecord.verifyCredentials method
to do the PAM check returning True or False depdning on whether
authentication succeeds.
In the longer term we need to support a "pluggable" authentication
approach. That would probably involve changing the
twistedcaldav.directory.directory.DirectoryService.requestAvatarId method
to accept "pluggable" credentials checkers. Note that right now we do have
that method hard-coded to recognize the Kerberos checker and use that. We
just need to generalize that approach. Feel free to tackle that and send in
patches if you have time...
--
Cyrus Daboo
_______________________________________________
calendarserver-users mailing list
calendarserver-users@lists.macosforge.org
http://lists.macosforge.org/mailman/listinfo/calendarserver-users
