[CalendarServer-users] PAM Authentication?

Cyrus Daboo cdaboo at apple.com
Fri Jan 11 07:57:34 PST 2008

Hi Stephen,

--On January 11, 2008 8:26:04 AM -0500 Stephen Bowman <sbbowman at gmail.com> 

> Yes, that is what I thought.  I, and I think many many others, would like
> to use PAM for just the authentication piece, and then fall on another
> directory service (XML) to do the provisioning.

In the short term you can do this:

- Configure the server to use the XML accounts.
- Then modify/override the 
twistedcaldav.directory.xmlfile.XMLDirectoryRecord.verifyCredentials method 
to do the PAM check returning True or False depdning on whether 
authentication succeeds.

In the longer term we need to support a "pluggable" authentication 
approach. That would probably involve changing the 
twistedcaldav.directory.directory.DirectoryService.requestAvatarId method 
to accept "pluggable" credentials checkers. Note that right now we do have 
that method hard-coded to recognize the Kerberos checker and use that. We 
just need to generalize that approach. Feel free to tackle that and send in 
patches if you have time...

Cyrus Daboo

More information about the calendarserver-users mailing list