On Sun, Feb 20, 2011 at 12:39, Martijn Pieters <m...@zopatista.com> wrote:
>> Yes, changing the existing interface would require a 4.0. If you'd add
>> a new interface extending the IPasswordManager one, we could do it in
>> a 3.x release.
>> A new zope.password 3.x release could go into both ZTK 1.1 and 1.0, a
>> backwards incompatible 4.0 would have to wait for ZTK 1.2.
> Right. What would be a suitable name for the extended interface?
> IMatchingPasswordManager?
> I've committed a revision that implements this as an extension to the
> existing interface:
>  http://zope3.pov.lt/trac/changeset/120458/zope.password/trunk
> but that's easy enough to change.
> I've also found that the SHA1 scheme in zope.password uses the {SHA1}
> prefix, which is incompatible with LDAP and
> AccessControl.AuthEncoding, which both use {SHA} instead. I'll change
> zope.password to support {SHA} as well, defaulting to that prefix.

I've implemented the {SHA} prefix change, as well as implementing {CRYPT}
support, making zope.password useful for all schemes explicitly named
in RFC 2307, except the MD5 scheme.

The latter uses a salt by default, making it incompatible with LDAP
{MD5}. OpenLDAP implements a salted MD5 scheme ({SMD5}) but places
the salt at the end of the hash, not at the beginning as the
zope.password manager implements it.

I think I can keep that one backwards compatible but disable support
for generating hashes with a salt, and add an SMD5 manager to implement
a compatible scheme.

With all the new password managers, this will be at least a 3.7
release, with a separate extended interface.

Martijn Pieters
Zope-Dev maillist  -  Zope-Dev@zope.org
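
The salt-placement mismatch described in the message above, as an added example that is not part of the original post and is not zope.password code. It encodes and verifies the LDAP-style {SMD5} layout (digest first, salt appended) and shows that a salt-first value fails against such a verifier; the function names and the salt-first stand-in are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional

PREFIX = "{SMD5}"
MD5_LEN = hashlib.md5().digest_size  # 16 bytes


def encode_smd5(password: bytes, salt: Optional[bytes] = None) -> str:
    """LDAP-style layout: base64(md5(password + salt) + salt)."""
    if salt is None:
        salt = os.urandom(4)
    digest = hashlib.md5(password + salt).digest()
    return PREFIX + base64.b64encode(digest + salt).decode("ascii")


def check_smd5(encoded: str, password: bytes) -> bool:
    """Verify a value, treating everything after the 16-byte digest as salt."""
    if not encoded.startswith(PREFIX):
        return False
    try:
        raw = base64.b64decode(encoded[len(PREFIX):], validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return False
    if len(raw) <= MD5_LEN:  # digest only, no salt: not this scheme
        return False
    digest, salt = raw[:MD5_LEN], raw[MD5_LEN:]
    expected = hashlib.md5(password + salt).digest()
    return hmac.compare_digest(digest, expected)  # constant-time compare


def encode_salt_first(password: bytes, salt: bytes) -> str:
    """Constructed stand-in for a salt-first layout (assumption, not the
    exact format any zope.password release produced)."""
    digest = hashlib.md5(salt + password).digest()
    return PREFIX + base64.b64encode(salt + digest).decode("ascii")


if __name__ == "__main__":
    sample_salt = b"\x01\x02\x03\x04"  # constructed sample input
    good = encode_smd5(b"secret", sample_salt)
    print(good, check_smd5(good, b"secret"))
    swapped = encode_salt_first(b"secret", sample_salt)
    print(swapped, check_smd5(swapped, b"secret"))
```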