Hi;
What follows is kind of where the conversation dropped off last week. Could 
someone pick up the ball and give me a little direction?
TIA,
Rachel

>There are many things to consider, and it is difficult to advise you
>without knowing your situation. You want to authenticate people
>accessing your LDAP. Do these people already have accounts in your
>system (i.e. for shell access)? Do you want to reuse these accounts? If
>so then where do these accounts reside, e.g. passwd file, kerberos, ...?

Their accounts will be established through a Plone (Zope) site I'm building.
That's scenario #1. Scenario #2 has *no* accounts except for my own. In
that scenario, I'm simply accessing data and spitting it out. Actually,
there are two sub-scenarios here: (a) where a request comes in for a Web
page, I translate the request to something that corresponds to my
document tree. The reason for this is because certain SEs don't like
deep doc trees, but a deep doc tree is necessary for organizational
purposes in my case. So I want to assign a number to each doc, have
that published to the outside world for the sake of the SEs, then
translate it internally to fetch the document; (b) Many of the
documents reference other outside docs in a standard manner. These
references are framed in tables, with unvarying structure. Because I
continually add such references, I don't want to end up with docs that
are hundreds of thousands of bytes. So, I want to automate that when
the number referenced in a given doc reaches a certain point, say 20,
that the doc selects only the newest (or most recently added) and
displays them, with a second generated page to click to the next 20,
etc. I could do that in MySQL, but LDAP seems like the more logical
choice, since, once entered, the data will not be changed.

>Do you need authentication realms, i.e. separate namespaces for users,
>so [EMAIL PROTECTED] is considered different from [EMAIL PROTECTED] Do you need
>proxy authorization, e.g. userA needs the access rights of userB when
>userB is on vacation, or userA and userB share a responsibility and you
>want to set up a role account that both have access to? Do you need
>challenge-response authentication or are you ok with plain passwords
>over a TLS secured connection? In other words, do you need the SASL
>features at all?

Of the above, I dislike plain passwords for pretty obvious security reasons. 
That is the only reason I want SASL.

>You may have to consider the access rules you want to enforce. The use
>of roles accounts, for example, ties into the proxy auth question above.
>A simple "super user may write, authenticated user may read, others may
>nothing (except authenticate)" scheme, on the other hand, requires no
>"SASL special" features to implement.

All users in scenario #1 will have the ability to update their password, edit 
their other information.

>Tons of questions, see?

Yes :)

>You can only choose a SASL (or even a non-SASL) setup when you have
>decided on some answers.

I appreciate your help ;)
TIA,
Rachel







