But to achieve this, the Calendar Server would have to be running as root. The caller of the PAM functions has to be root... I can't think of an easy way around this. Anyone else?
On Jan 11, 2008 10:57 AM, Cyrus Daboo <[EMAIL PROTECTED]> wrote: > Hi Stephen, > > --On January 11, 2008 8:26:04 AM -0500 Stephen Bowman <[EMAIL PROTECTED]> > wrote: > > > Yes, that is what I thought. I, and I think many many others, would > like > > to use PAM for just the authentication piece, and then fall on another > > directory service (XML) to do the provisioning. > > > > In the short term you can do this: > > - Configure the server to use the XML accounts. > - Then modify/override the > twistedcaldav.directory.xmlfile.XMLDirectoryRecord.verifyCredentialsmethod > to do the PAM check returning True or False depdning on whether > authentication succeeds. > > In the longer term we need to support a "pluggable" authentication > approach. That would probably involve changing the > twistedcaldav.directory.directory.DirectoryService.requestAvatarId method > to accept "pluggable" credentials checkers. Note that right now we do have > that method hard-coded to recognize the Kerberos checker and use that. We > just need to generalize that approach. Feel free to tackle that and send > in > patches if you have time... > > -- > Cyrus Daboo > >
_______________________________________________ calendarserver-users mailing list calendarserver-users@lists.macosforge.org http://lists.macosforge.org/mailman/listinfo/calendarserver-users
