Re: [Zope] sending a encrypted login URL

2009-03-05 Thread Dieter Maurer
Joseph Thomas (s) wrote at 2009-3-4 10:29 -0600:
> We'd like to construct a zope login URL of the form on another server:
> http://zope.domain:port/context/logged_in?__ac_name=uzz&__ac_password=xxx&submit=Log+in
> where the ac_name and ac_password parameters are encrypted using zope
> public key (?) and have the parameters decrypted when zope receives the
> request and login the user.
> Is there an API or some way to encrypt the username and password on the
> 3rd party app server and configure zope so that it treats the parameters
> as encrypted values rather than plaintext?

We are doing this using the Python package M2Crypto.EVP
for the encryption/decryption.



-- 
Dieter
___
Zope maillist  -  Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://mail.zope.org/mailman/listinfo/zope-announce
 http://mail.zope.org/mailman/listinfo/zope-dev )


Re: [Zope] sending a encrypted login URL

2009-03-05 Thread Joseph Thomas (s)
Thanks, could you elaborate a bit, I'm somewhat new to zope/plone:

I assume we'd need a shared key on both our j2ee server and zope, and
did you need to create any changes to Plone PAS?



-----Original Message-----
From: Dieter Maurer [mailto:die...@handshake.de]
Sent: Thursday, March 05, 2009 1:55 PM
To: Joseph Thomas (s)
Cc: zope@zope.org
Subject: Re: [Zope] sending a encrypted login URL

Joseph Thomas (s) wrote at 2009-3-4 10:29 -0600:
> We'd like to construct a zope login URL of the form on another server:
> http://zope.domain:port/context/logged_in?__ac_name=uzz&__ac_password=xxx&submit=Log+in
> where the ac_name and ac_password parameters are encrypted using zope
> public key (?) and have the parameters decrypted when zope receives the
> request and login the user.
> Is there an API or some way to encrypt the username and password on the
> 3rd party app server and configure zope so that it treats the parameters
> as encrypted values rather than plaintext?

We are doing this using the Python package M2Crypto.EVP
for the encryption/decryption.



-- 
Dieter


Re: [Zope] sending a encrypted login URL

2009-03-05 Thread Andreas Jung
On Thu, Mar 5, 2009 at 21:01, Joseph Thomas (s) jtho...@cap.org wrote:
> Thanks, could you elaborate a bit, I'm somewhat new to zope/plone:
>
> I assume we'd need a shared key on both our j2ee server and zope, and
> did you need to create any changes to Plone PAS?

Tres explained it to you. You have to write a PAS plugin. There are a bunch
of PAS plugins available that can serve as an example.

-aj


Re: [Zope] sending a encrypted login URL

2009-03-05 Thread Dieter Maurer
Joseph Thomas (s) wrote at 2009-3-5 14:01 -0600:
> Thanks, could you elaborate a bit, I'm somewhat new to zope/plone:
>
> I assume we'd need a shared key on both our j2ee server and zope

EVP (documented in the *nix man pages) supports both symmetrical
as well as unsymmetrical encryption.
When you use symmetrical encryption (we do),
you need (of course) a shared secret.

> and
> did you need to create any changes to Plone PAS?

We are not using Plone (GPL) but I think that no changes to Plone PAS
would be necessary (exception in a moment).

Instead of redirecting to logged_in, you can use a preprocessor
(e.g. remotelogin) which decrypts the information and then calls logged_in.

The problem which might force you to change something:
The standard Plone user folders do not provide access to
a cleartext password (for obvious security reasons).
That means when you want to perform a remotelogin to your partner
system, it is not easy to obtain the password for such a remote
login. Your partner system may have the same problem when it
performs a remote login to Plone.


You can use an SSO solution, e.g. CAS.
When I have understood correctly, there are PAS plugins supporting CAS.


You can also change the PAS plugin that stores the user identification
such that it also stores the password (e.g. in the session)
such that you can retrieve it for a remote login.



-- 
Dieter
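
An added example, not code from this thread or from Zope/PAS: a sketch of the check a `remotelogin`-style preprocessor could run with the shared secret. It swaps encrypting the password for an HMAC-signed, expiring, single-use assertion of the user name, so neither side needs the cleartext password. Assumptions: the parameter names (`user`, `ts`, `nonce`, `sig`), the secret, the 60-second lifetime and the in-memory nonce store are constructed for illustration.

```python
import hashlib, hmac, json, secrets, time
from urllib.parse import parse_qs, urlencode, urlsplit

SHARED_SECRET = b"constructed-demo-secret"  # constructed; provision out of band
MAX_AGE = 60                                # seconds a login URL stays valid
_seen = {}                                  # nonce -> expiry (assumed: one process)

def _sign(user, ts, nonce):
    # JSON list encoding keeps field boundaries unambiguous before MACing.
    msg = json.dumps([user, ts, nonce]).encode()
    return hmac.new(SHARED_SECRET, msg, hashlib.sha256).hexdigest()

def make_login_url(base, user, now=None):
    """Partner server: build a signed, short-lived login URL for `user`."""
    ts = str(int(time.time() if now is None else now))
    nonce = secrets.token_urlsafe(12)
    query = {"user": user, "ts": ts, "nonce": nonce, "sig": _sign(user, ts, nonce)}
    return base + "?" + urlencode(query)

def verify_login_url(url, now=None):
    """Receiving side: return the user name if the URL is valid, else None."""
    now = time.time() if now is None else now
    q = {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}
    try:
        user, ts, nonce, sig = q["user"], q["ts"], q["nonce"], q["sig"]
        age = now - int(ts)
    except (KeyError, ValueError):
        return None                      # missing or malformed field
    expected = _sign(user, ts, nonce)
    if not hmac.compare_digest(expected.encode(), sig.encode()):
        return None                      # forged or tampered parameters
    if not 0 <= age <= MAX_AGE:
        return None                      # stale (or future-dated) URL
    for n in [n for n, exp in _seen.items() if exp < now]:
        del _seen[n]                     # drop nonces that can no longer verify
    if nonce in _seen:
        return None                      # replay of an already used URL
    _seen[nonce] = now + MAX_AGE
    return user
```

The signature authenticates the request but does not hide it, so the URL still belongs on an SSL connection as suggested elsewhere in the thread.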


[Zope] sending a encrypted login URL

2009-03-04 Thread Joseph Thomas (s)
We'd like to construct a zope login URL of the form on another server:

http://zope.domain:port/context/logged_in?__ac_name=uzz&__ac_password=xxx&submit=Log+in

where the ac_name and ac_password parameters are encrypted using zope
public key (?) and have the parameters decrypted when zope receives the
request and login the user.

Is there an API or some way to encrypt the username and password on the
3rd party app server and configure zope so that it treats the parameters
as encrypted values rather than plaintext?

Joseph Thomas
College of American Pathologists
http://www.cap.org/



Re: [Zope] sending a encrypted login URL

2009-03-04 Thread Andreas Jung
Use SSL and you're done.

-aj

On 04.03.2009 17:29 Uhr, Joseph Thomas (s) wrote:
> We’d like to construct a zope login URL of the form on another server:
>
> http://zope.domain:port/context/logged_in?__ac_name=uzz&__ac_password=xxx&submit=Log+in
>
> where the ac_name and ac_password parameters are encrypted using zope
> public key (?) and have the parameters decrypted when zope receives the
> request and login the user.
>
> Is there an API or some way to encrypt the username and password on the
> 3rd party app server and configure zope so that it treats the
> parameters as encrypted values rather than plaintext?
>
> Joseph Thomas
> College of American Pathologists
> http://www.cap.org/


-- 
ZOPYX Ltd. & Co. KG - Charlottenstr. 37/1 - 72070 Tübingen - Germany
Web: www.zopyx.com - Email: i...@zopyx.com - Phone +49 - 7071 - 793376
Register court: Amtsgericht Stuttgart, commercial register A 381535
Managing director/partner: ZOPYX Limited, Birmingham, UK
E-Publishing, Python, Zope & Plone development, Consulting



Re: [Zope] sending a encrypted login URL

2009-03-04 Thread Tino Wildenhain

Andreas Jung wrote:
> Use SSL and you're done.


SSL solves SSO? I don't think so.

Cheers
Tino

