Re: [ZODB-Dev] ZEO authentication
Am 14.06.2010, 15:50 Uhr, schrieb Jim Fulton j...@zope.com: On Sat, Jun 12, 2010 at 9:17 PM, Nitro ni...@dr-code.org wrote: Hello, I am using ZEO authentication. When I try to login with the proper credentials (everything works just fine. If I try to login with the wrong credentials, I get a traceback like shown below. However, the code trying to establish the connection (in my case databaseFromConfig) never returns, instead the client tries to reconnect over and over again. Of course reconnecting will always fail since the credentials stay wrong. I can't display a message to the user that his login attempt failed, because I never receive an exception in the code that tried to establish the connection. Is this a bug? It is a miss-feature. The assumption is that failures are transient and that the client should retry indefinitely. After all, your client might have correct credentials and the server's configuration may be wrong. :) Ehehe, I guess everything is relative -- except me :) Or is there another method to detect that a connection has failed because of authentication? You can supply a false wait option and then test yourself for a successful connection. There's also a timeout option, but it doesn't work as most people would suspect. That could easily be called a bug. Thanks for this answer, Jim. I'll try using the false wait option. -Matthias ___ For more information about ZODB, see the ZODB Wiki: http://www.zope.org/Wikis/ZODB/ ZODB-Dev mailing list - ZODB-Dev@zope.org https://mail.zope.org/mailman/listinfo/zodb-dev
[ZODB-Dev] ZEO authentication
Hello, I am using ZEO authentication. When I try to login with the proper credentials (everything works just fine. If I try to login with the wrong credentials, I get a traceback like shown below. However, the code trying to establish the connection (in my case databaseFromConfig) never returns, instead the client tries to reconnect over and over again. Of course reconnecting will always fail since the credentials stay wrong. I can't display a message to the user that his login attempt failed, because I never receive an exception in the code that tried to establish the connection. Is this a bug? Or is there another method to detect that a connection has failed because of authentication? -Mattthias Traceback: (4344) CW: error in testConnection (('localhost', 17654)) Traceback (most recent call last): File C:\Python26\lib\site-packages\zodb3-3.10.0b1-py2.6-win32.egg\ZEO\zrpc\cl ient.py, line 577, in test_connection self.preferred = self.client.testConnection(self.conn) File C:\Python26\lib\site-packages\zodb3-3.10.0b1-py2.6-win32.egg\ZEO\ClientS torage.py, line 570, in testConnection skey = self.doAuth(auth, stub) File C:\Python26\lib\site-packages\zodb3-3.10.0b1-py2.6-win32.egg\ZEO\ClientS torage.py, line 538, in doAuth return c.start(self._username, self._realm, self._password) File C:\Python26\lib\site-packages\zodb3-3.10.0b1-py2.6-win32.egg\ZEO\auth\au th_digest.py, line 139, in start result = self.stub.auth_response((username, challenge, resp_dig)) File C:\Python26\lib\site-packages\zodb3-3.10.0b1-py2.6-win32.egg\ZEO\ServerS tub.py, line 397, in call return self.rpc.call(self.name, *a, **kwa) File C:\Python26\lib\site-packages\zodb3-3.10.0b1-py2.6-win32.egg\ZEO\zrpc\co nnection.py, line 733, in call raise inst # error raised by server LookupError: No such user: idontexist ___ For more information about ZODB, see the ZODB Wiki: http://www.zope.org/Wikis/ZODB/ ZODB-Dev mailing list - ZODB-Dev@zope.org https://mail.zope.org/mailman/listinfo/zodb-dev
[ZODB-Dev] ZEO authentication change backported to 3.7 and 3.8
Since nobody objected I have backported the ZEO authentication patch from trunk to the 3.7 and 3.8 branches. In the meantime someone also filed a bugreport for this issue (https://bugs.launchpad.net/zodb/+bug/220856) which is fixed by this change. Wichert. -- Wichert Akkerman [EMAIL PROTECTED] It is simple to make things. http://www.wiggy.net/ It is hard to make things simple. ___ For more information about ZODB, see the ZODB Wiki: http://www.zope.org/Wikis/ZODB/ ZODB-Dev mailing list - ZODB-Dev@zope.org http://mail.zope.org/mailman/listinfo/zodb-dev
Re: [ZODB-Dev] ZEO authentication change backported to 3.7 and 3.8
Jim Fulton wrote: I don't see any mention of this under 3.8.1 in the NEWS.txt on the 3.8.1 branch. Please add a news item. Sorry about that, fixed. Wichert. -- Wichert Akkerman [EMAIL PROTECTED] It is simple to make things. http://www.wiggy.net/ It is hard to make things simple. ___ For more information about ZODB, see the ZODB Wiki: http://www.zope.org/Wikis/ZODB/ ZODB-Dev mailing list - ZODB-Dev@zope.org http://mail.zope.org/mailman/listinfo/zodb-dev
Re: [ZODB-Dev] ZEO Authentication
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 26 May 2006, at 05:46, David Pratt wrote: I am curious how folks are handling authentication for ZEO in a general way (client against the server). Is is common to attempt to use user/passwords from acl in zope as a means of creating a lists for authenticating against a ZEO server? Or is it more typical to manage a separate list of user/passwords just for the purpose of authenticating the client server connection? I'd like to hear what sort of things are being done to handle this generally. Many thanks. I don't know anyone who uses authenticated ZEO connections, does it even work? IMHO most people are in a situation where the traffic between the ZEO clients and the ZEO server runs on an internal network, so it simply doesn't matter. Or small setups where the communication is on one and the same machine. jens -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (Darwin) iD8DBQFEdseGRAx5nvEhZLIRApfTAJ9MjasVk9UHp1yvlBP2BNPQl6GXKACeIpIC Yx5XIHtQzPX9+xQzbL71zh0= =G8RQ -END PGP SIGNATURE- ___ For more information about ZODB, see the ZODB Wiki: http://www.zope.org/Wikis/ZODB/ ZODB-Dev mailing list - ZODB-Dev@zope.org http://mail.zope.org/mailman/listinfo/zodb-dev
Re: [ZODB-Dev] ZEO Authentication
Hi Jens, this is available in ZEO and looks to me that the original idea was to support more than a single mode of authentication. I was curious of those using it to see how it was generally being used (or whether others have worked out something against other authentication schemes). Many thanks. Regards, David Jens Vagelpohl wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 26 May 2006, at 05:46, David Pratt wrote: I am curious how folks are handling authentication for ZEO in a general way (client against the server). Is is common to attempt to use user/passwords from acl in zope as a means of creating a lists for authenticating against a ZEO server? Or is it more typical to manage a separate list of user/passwords just for the purpose of authenticating the client server connection? I'd like to hear what sort of things are being done to handle this generally. Many thanks. I don't know anyone who uses authenticated ZEO connections, does it even work? IMHO most people are in a situation where the traffic between the ZEO clients and the ZEO server runs on an internal network, so it simply doesn't matter. Or small setups where the communication is on one and the same machine. jens -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (Darwin) iD8DBQFEdseGRAx5nvEhZLIRApfTAJ9MjasVk9UHp1yvlBP2BNPQl6GXKACeIpIC Yx5XIHtQzPX9+xQzbL71zh0= =G8RQ -END PGP SIGNATURE- ___ For more information about ZODB, see the ZODB Wiki: http://www.zope.org/Wikis/ZODB/ ZODB-Dev mailing list - ZODB-Dev@zope.org http://mail.zope.org/mailman/listinfo/zodb-dev ___ For more information about ZODB, see the ZODB Wiki: http://www.zope.org/Wikis/ZODB/ ZODB-Dev mailing list - ZODB-Dev@zope.org http://mail.zope.org/mailman/listinfo/zodb-dev
Re: [ZODB-Dev] ZEO Authentication
--On 26. Mai 2006 16:47:41 +0100 Jens Vagelpohl [EMAIL PROTECTED] wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 26 May 2006, at 16:43, Benji York wrote: Andreas Jung wrote: You could use a firewall to allow incoming ZEO connection only from authorized IP address...should not be more than some lines of iptables configuration or so. Similarly, you can use a VPN. -- You can use a VLAN, too. Or a monkey to control each ZEO packet :-) -aj -- ZOPYX Ltd. Co. KG - Charlottenstr. 37/1 - 72070 Tübingen - Germany Web: www.zopyx.com - Email: [EMAIL PROTECTED] - Phone +49 - 7071 - 793376 E-Publishing, Python, Zope Plone development, Consulting pgpn1goZldfev.pgp Description: PGP signature ___ For more information about ZODB, see the ZODB Wiki: http://www.zope.org/Wikis/ZODB/ ZODB-Dev mailing list - ZODB-Dev@zope.org http://mail.zope.org/mailman/listinfo/zodb-dev
Re: [ZODB-Dev] ZEO Authentication
Well, you might need a few monkeys for sure :-) I guess it is safe to say, that the authentication built into ZEO is not used extensively. You never know until you ask. I guess if it were, it might depend on the use case you have for ZEO more than anything. Many thanks. Regards David You can use a VLAN, too. Or a monkey to control each ZEO packet :-) -aj ___ For more information about ZODB, see the ZODB Wiki: http://www.zope.org/Wikis/ZODB/ ZODB-Dev mailing list - ZODB-Dev@zope.org http://mail.zope.org/mailman/listinfo/zodb-dev ___ For more information about ZODB, see the ZODB Wiki: http://www.zope.org/Wikis/ZODB/ ZODB-Dev mailing list - ZODB-Dev@zope.org http://mail.zope.org/mailman/listinfo/zodb-dev
[ZODB-Dev] ZEO Authentication
I am curious how folks are handling authentication for ZEO in a general way (client against the server). Is is common to attempt to use user/passwords from acl in zope as a means of creating a lists for authenticating against a ZEO server? Or is it more typical to manage a separate list of user/passwords just for the purpose of authenticating the client server connection? I'd like to hear what sort of things are being done to handle this generally. Many thanks. Regards David ___ For more information about ZODB, see the ZODB Wiki: http://www.zope.org/Wikis/ZODB/ ZODB-Dev mailing list - ZODB-Dev@zope.org http://mail.zope.org/mailman/listinfo/zodb-dev
[ZODB-Dev] zeo authentication
Hello: Long, long ago,in a far away land, I seem to recall having a zeo config that utilized the auth features. Looking to reimplement them again. Googling, e.g.: http://mail.zope.org/pipermail/zope/2005-October/161951.html indicates I need to patch a couple files in lib/python/ZODB. So I am wondering why this might be? Is there some reason why auth digest stuff is not included by default? I'm suspecting there must be some undocumented gotcha's? Next question is if not the above then what are people doing to restict unauthorized acces to zeo server other than firewall rules? btw-- This is on Zope2.9, python2.4, and FreeBSD6.0 TIA- -- Best regards, Ken Gunderson Q: Because it reverses the logical flow of conversation. A: Why is putting a reply at the top of the message frowned upon? ___ For more information about ZODB, see the ZODB Wiki: http://www.zope.org/Wikis/ZODB/ ZODB-Dev mailing list - ZODB-Dev@zope.org http://mail.zope.org/mailman/listinfo/zodb-dev