[CalendarServer-users] PAM Authentication?
Cyrus Daboo
cdaboo at apple.com
Fri Jan 11 07:57:34 PST 2008
Hi Stephen,
--On January 11, 2008 8:26:04 AM -0500 Stephen Bowman <sbbowman at gmail.com>
wrote:
> Yes, that is what I thought. I, and I think many many others, would like
> to use PAM for just the authentication piece, and then fall on another
> directory service (XML) to do the provisioning.
>
In the short term you can do this:
- Configure the server to use the XML accounts.
- Then modify/override the
twistedcaldav.directory.xmlfile.XMLDirectoryRecord.verifyCredentials method
to do the PAM check returning True or False depdning on whether
authentication succeeds.
In the longer term we need to support a "pluggable" authentication
approach. That would probably involve changing the
twistedcaldav.directory.directory.DirectoryService.requestAvatarId method
to accept "pluggable" credentials checkers. Note that right now we do have
that method hard-coded to recognize the Kerberos checker and use that. We
just need to generalize that approach. Feel free to tackle that and send in
patches if you have time...
--
Cyrus Daboo
More information about the calendarserver-users
mailing list