Thank you for such a complete answer. At this point, I don't think that it is worth it to our team to develop such a solution since theres only going to be around 10 users that will be logging in and they are all sysadmins and developers. However, if we do end up using such a solution in the future, we'll make sure to get the results back to you!
Zakir -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Duncan McGreggor Sent: Tuesday, December 05, 2006 11:19 PM To: General discussion of using zenoss system Subject: Re: [zenoss-users] External Authentication On Dec 5, 2006, at 8:32 PM, Durumeric, Zakir B wrote: > Has anybody worked on using external authentication with Zenoss, > against basic unix logins, PAM or kerberos? Or is this more of a Zope > question than a Zenoss question? Zenoss uses PAS (PluggableAuthService). Short answer: currently there is no support for authentication against PAM or Kerberos. There are PAS plugins for LDAP, however (with reports of working against MS AD). Here's the long answer: PAS is software that abstracts most authentication workflow into separate plugins. In essence, this provides an "easy" means of writing authenticating plugins against anything that has python libs (or that you can create python libs for). There's a quick intro to this topic here: http://plone.org/documentation/tutorial/borg/writing-a-custom-pas- plug-in I just found a plugin for Sun's Access Manager here: https://pluto.objectrealms.net/svn/public/pasplugins/samagentauth/ trunk And another for (what looks like) authenticating against a SQL source: https://dev.serverzen.com/svn/public/projects/SQLPASPlugin/trunk/ I could find nothing for PAM or Kerberos with PAS. I happen to know (personally) the guy that originally sponsored the python PAM code. He had one of his employees write it, but that guy has long-since left the company. It is not currently maintained. However, python 2.5 has the 'spwd' module, and this would be a better approach: http://docs.python.org/lib/module-spwd.html It looks like there is some recent work on a python module for using Kerberos from Python https://launchpad.net/people/bmontgom/+branch/+junk/python-krb5 http://www.montynet.org/bzr/python-krb5/ With python 2.5, it would be fairly easy for a python programmer familiar with PAS to to write a PAS plugin for authenticating against the UNIX shadow passwd file. Depending on how stable/solid the python code for Kerberos is, as PAS plugin for Kereros would also be in the realm of possibility. It is my understanding that Zenoss has not received much of a demand for this level of functionality. However, if you do end up writing a Kerberos or spwd PAS plugin, we'd be delighted to review it and possibly include it in a future release. Conversely, if you don't have the time and this is very important to you, I'm sure you could contract for plugin development. d _______________________________________________ zenoss-users mailing list [email protected] http://lists.zenoss.org/mailman/listinfo/zenoss-users _______________________________________________ zenoss-users mailing list [email protected] http://lists.zenoss.org/mailman/listinfo/zenoss-users
