Re: [ZODB-Dev] ZEO authentication
Am 14.06.2010, 15:50 Uhr, schrieb Jim Fulton : > On Sat, Jun 12, 2010 at 9:17 PM, Nitro wrote: >> Hello, >> >> I am using ZEO authentication. When I try to login with the proper >> credentials (everything works just fine. If I try to login with the >> wrong >> credentials, I get a traceback like shown below. However, the code >> trying >> to establish the connection (in my case databaseFromConfig) never >> returns, >> instead the client tries to reconnect over and over again. Of course >> reconnecting will always fail since the credentials stay wrong. >> >> I can't display a message to the user that his login attempt failed, >> because I never receive an exception in the code that tried to establish >> the connection. >> >> Is this a bug? > > It is a miss-feature. The assumption is that failures are transient and > that the client should retry indefinitely. After all, your client might > have > correct credentials and the server's configuration may be wrong. :) Ehehe, I guess everything is relative -- except me :) >> Or is there another method to detect that a connection has >> failed because of authentication? > > You can supply a false wait option and then test yourself for a > successful connection. > > There's also a timeout option, but it doesn't work as most people > would suspect. That could easily be called a bug. Thanks for this answer, Jim. I'll try using the false wait option. -Matthias ___ For more information about ZODB, see the ZODB Wiki: http://www.zope.org/Wikis/ZODB/ ZODB-Dev mailing list - ZODB-Dev@zope.org https://mail.zope.org/mailman/listinfo/zodb-dev
Re: [ZODB-Dev] ZEO authentication
On Sat, Jun 12, 2010 at 9:17 PM, Nitro wrote: > Hello, > > I am using ZEO authentication. When I try to login with the proper > credentials (everything works just fine. If I try to login with the wrong > credentials, I get a traceback like shown below. However, the code trying > to establish the connection (in my case databaseFromConfig) never returns, > instead the client tries to reconnect over and over again. Of course > reconnecting will always fail since the credentials stay wrong. > > I can't display a message to the user that his login attempt failed, > because I never receive an exception in the code that tried to establish > the connection. > > Is this a bug? It is a miss-feature. The assumption is that failures are transient and that the client should retry indefinitely. After all, your client might have correct credentials and the server's configuration may be wrong. :) > Or is there another method to detect that a connection has > failed because of authentication? You can supply a false wait option and then test yourself for a successful connection. There's also a timeout option, but it doesn't work as most people would suspect. That could easily be called a bug. Jim -- Jim Fulton ___ For more information about ZODB, see the ZODB Wiki: http://www.zope.org/Wikis/ZODB/ ZODB-Dev mailing list - ZODB-Dev@zope.org https://mail.zope.org/mailman/listinfo/zodb-dev
Re: [ZODB-Dev] ZEO authentication change backported to 3.7 and 3.8
Jim Fulton wrote: I don't see any mention of this under 3.8.1 in the NEWS.txt on the 3.8.1 branch. Please add a news item. Sorry about that, fixed. Wichert. -- Wichert Akkerman <[EMAIL PROTECTED]> It is simple to make things. http://www.wiggy.net/ It is hard to make things simple. ___ For more information about ZODB, see the ZODB Wiki: http://www.zope.org/Wikis/ZODB/ ZODB-Dev mailing list - ZODB-Dev@zope.org http://mail.zope.org/mailman/listinfo/zodb-dev
Re: [ZODB-Dev] ZEO authentication change backported to 3.7 and 3.8
I don't see any mention of this under 3.8.1 in the NEWS.txt on the 3.8.1 branch. Please add a news item. Jim On May 3, 2008, at 7:55 AM, Wichert Akkerman wrote: Since nobody objected I have backported the ZEO authentication patch from trunk to the 3.7 and 3.8 branches. In the meantime someone also filed a bugreport for this issue (https://bugs.launchpad.net/zodb/+bug/220856 ) which is fixed by this change. Wichert. -- Wichert Akkerman <[EMAIL PROTECTED]> It is simple to make things. http://www.wiggy.net/ It is hard to make things simple. ___ For more information about ZODB, see the ZODB Wiki: http://www.zope.org/Wikis/ZODB/ ZODB-Dev mailing list - ZODB-Dev@zope.org http://mail.zope.org/mailman/listinfo/zodb-dev -- Jim Fulton Zope Corporation ___ For more information about ZODB, see the ZODB Wiki: http://www.zope.org/Wikis/ZODB/ ZODB-Dev mailing list - ZODB-Dev@zope.org http://mail.zope.org/mailman/listinfo/zodb-dev
Re: [ZODB-Dev] ZEO Authentication
Well, you might need a few monkeys for sure :-) I guess it is safe to say, that the authentication built into ZEO is not used extensively. You never know until you ask. I guess if it were, it might depend on the use case you have for ZEO more than anything. Many thanks. Regards David You can use a VLAN, too. Or a monkey to control each ZEO packet :-) -aj ___ For more information about ZODB, see the ZODB Wiki: http://www.zope.org/Wikis/ZODB/ ZODB-Dev mailing list - ZODB-Dev@zope.org http://mail.zope.org/mailman/listinfo/zodb-dev ___ For more information about ZODB, see the ZODB Wiki: http://www.zope.org/Wikis/ZODB/ ZODB-Dev mailing list - ZODB-Dev@zope.org http://mail.zope.org/mailman/listinfo/zodb-dev
Re: [ZODB-Dev] ZEO Authentication
--On 26. Mai 2006 16:47:41 +0100 Jens Vagelpohl <[EMAIL PROTECTED]> wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 26 May 2006, at 16:43, Benji York wrote: Andreas Jung wrote: You could use a firewall to allow incoming ZEO connection only from authorized IP address...should not be more than some lines of iptables configuration or so. Similarly, you can use a VPN. -- You can use a VLAN, too. Or a monkey to control each ZEO packet :-) -aj -- ZOPYX Ltd. & Co. KG - Charlottenstr. 37/1 - 72070 Tübingen - Germany Web: www.zopyx.com - Email: [EMAIL PROTECTED] - Phone +49 - 7071 - 793376 E-Publishing, Python, Zope & Plone development, Consulting pgpn1goZldfev.pgp Description: PGP signature ___ For more information about ZODB, see the ZODB Wiki: http://www.zope.org/Wikis/ZODB/ ZODB-Dev mailing list - ZODB-Dev@zope.org http://mail.zope.org/mailman/listinfo/zodb-dev
Re: [ZODB-Dev] ZEO Authentication
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 26 May 2006, at 16:43, Benji York wrote: Andreas Jung wrote: You could use a firewall to allow incoming ZEO connection only from authorized IP address...should not be more than some lines of iptables configuration or so. Similarly, you can use a VPN. -- You can use a VLAN, too. jens -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (Darwin) iD8DBQFEdyMeRAx5nvEhZLIRAg/EAKCWc14hoMAOgNcSs86ZeePT3yQV8wCgrdmz /itBbiZPLIqKqooOH0lTVaU= =LGla -END PGP SIGNATURE- ___ For more information about ZODB, see the ZODB Wiki: http://www.zope.org/Wikis/ZODB/ ZODB-Dev mailing list - ZODB-Dev@zope.org http://mail.zope.org/mailman/listinfo/zodb-dev
Re: [ZODB-Dev] ZEO Authentication
Andreas Jung wrote: You could use a firewall to allow incoming ZEO connection only from authorized IP address...should not be more than some lines of iptables configuration or so. Similarly, you can use a VPN. -- Benji York Senior Software Engineer Zope Corporation ___ For more information about ZODB, see the ZODB Wiki: http://www.zope.org/Wikis/ZODB/ ZODB-Dev mailing list - ZODB-Dev@zope.org http://mail.zope.org/mailman/listinfo/zodb-dev
Re: [ZODB-Dev] ZEO Authentication
--On 26. Mai 2006 01:46:26 -0300 David Pratt <[EMAIL PROTECTED]> wrote: I am curious how folks are handling authentication for ZEO in a general way (client against the server). Is is common to attempt to use user/passwords from acl in zope as a means of creating a lists for authenticating against a ZEO server? Or is it more typical to manage a separate list of user/passwords just for the purpose of authenticating the client server connection? I'd like to hear what sort of things are being done to handle this generally. Many thanks. You could use a firewall to allow incoming ZEO connection only from authorized IP address...should not be more than some lines of iptables configuration or so. -aj -- ZOPYX Ltd. & Co. KG - Charlottenstr. 37/1 - 72070 Tübingen - Germany Web: www.zopyx.com - Email: [EMAIL PROTECTED] - Phone +49 - 7071 - 793376 E-Publishing, Python, Zope & Plone development, Consulting pgpnqBmvyAsST.pgp Description: PGP signature ___ For more information about ZODB, see the ZODB Wiki: http://www.zope.org/Wikis/ZODB/ ZODB-Dev mailing list - ZODB-Dev@zope.org http://mail.zope.org/mailman/listinfo/zodb-dev
Re: [ZODB-Dev] ZEO Authentication
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 26 May 2006, at 13:30, David Pratt wrote: I don't know anyone who uses authenticated ZEO connections, does it even work? IMHO most people are in a situation where the traffic between the ZEO clients and the ZEO server runs on an internal network, so it simply doesn't matter. Or small setups where the communication is on one and the same machine. Hi Jens, this is available in ZEO and looks to me that the original idea was to support more than a single mode of authentication. I was curious of those using it to see how it was generally being used (or whether others have worked out something against other authentication schemes). Many thanks. I know there's some bits and pieces, but I never used it and don't know anyone who has. That's why I wondered if it even works. You'll probably have a hard time finding anyone who uses it. If you really have a need for it here's your chance to test it for yourself and report breakages to the Zope collector. jens -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (Darwin) iD8DBQFEdveARAx5nvEhZLIRAtU4AJ9eHrfp4k5u046b2DW8HNbmvfPtTwCgseDJ hbARN7IpwJRmmZf7WfejK2E= =f0Q2 -END PGP SIGNATURE- ___ For more information about ZODB, see the ZODB Wiki: http://www.zope.org/Wikis/ZODB/ ZODB-Dev mailing list - ZODB-Dev@zope.org http://mail.zope.org/mailman/listinfo/zodb-dev
Re: [ZODB-Dev] ZEO Authentication
Hi Jens, this is available in ZEO and looks to me that the original idea was to support more than a single mode of authentication. I was curious of those using it to see how it was generally being used (or whether others have worked out something against other authentication schemes). Many thanks. Regards, David Jens Vagelpohl wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 26 May 2006, at 05:46, David Pratt wrote: I am curious how folks are handling authentication for ZEO in a general way (client against the server). Is is common to attempt to use user/passwords from acl in zope as a means of creating a lists for authenticating against a ZEO server? Or is it more typical to manage a separate list of user/passwords just for the purpose of authenticating the client server connection? I'd like to hear what sort of things are being done to handle this generally. Many thanks. I don't know anyone who uses authenticated ZEO connections, does it even work? IMHO most people are in a situation where the traffic between the ZEO clients and the ZEO server runs on an internal network, so it simply doesn't matter. Or small setups where the communication is on one and the same machine. jens -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (Darwin) iD8DBQFEdseGRAx5nvEhZLIRApfTAJ9MjasVk9UHp1yvlBP2BNPQl6GXKACeIpIC Yx5XIHtQzPX9+xQzbL71zh0= =G8RQ -END PGP SIGNATURE- ___ For more information about ZODB, see the ZODB Wiki: http://www.zope.org/Wikis/ZODB/ ZODB-Dev mailing list - ZODB-Dev@zope.org http://mail.zope.org/mailman/listinfo/zodb-dev ___ For more information about ZODB, see the ZODB Wiki: http://www.zope.org/Wikis/ZODB/ ZODB-Dev mailing list - ZODB-Dev@zope.org http://mail.zope.org/mailman/listinfo/zodb-dev
Re: [ZODB-Dev] ZEO Authentication
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 26 May 2006, at 05:46, David Pratt wrote: I am curious how folks are handling authentication for ZEO in a general way (client against the server). Is is common to attempt to use user/passwords from acl in zope as a means of creating a lists for authenticating against a ZEO server? Or is it more typical to manage a separate list of user/passwords just for the purpose of authenticating the client server connection? I'd like to hear what sort of things are being done to handle this generally. Many thanks. I don't know anyone who uses authenticated ZEO connections, does it even work? IMHO most people are in a situation where the traffic between the ZEO clients and the ZEO server runs on an internal network, so it simply doesn't matter. Or small setups where the communication is on one and the same machine. jens -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (Darwin) iD8DBQFEdseGRAx5nvEhZLIRApfTAJ9MjasVk9UHp1yvlBP2BNPQl6GXKACeIpIC Yx5XIHtQzPX9+xQzbL71zh0= =G8RQ -END PGP SIGNATURE- ___ For more information about ZODB, see the ZODB Wiki: http://www.zope.org/Wikis/ZODB/ ZODB-Dev mailing list - ZODB-Dev@zope.org http://mail.zope.org/mailman/listinfo/zodb-dev