[CalendarServer-users] PAM Authentication?
Stephen Bowman
sbbowman at gmail.com
Fri Jan 11 13:47:59 PST 2008
But to achieve this, the Calendar Server would have to be running as root.
The caller of the PAM functions has to be root... I can't think of an easy
way around this. Anyone else?
On Jan 11, 2008 10:57 AM, Cyrus Daboo <cdaboo at apple.com> wrote:
> Hi Stephen,
>
> --On January 11, 2008 8:26:04 AM -0500 Stephen Bowman <sbbowman at gmail.com>
> wrote:
>
> > Yes, that is what I thought. I, and I think many many others, would
> like
> > to use PAM for just the authentication piece, and then fall on another
> > directory service (XML) to do the provisioning.
> >
>
> In the short term you can do this:
>
> - Configure the server to use the XML accounts.
> - Then modify/override the
> twistedcaldav.directory.xmlfile.XMLDirectoryRecord.verifyCredentialsmethod
> to do the PAM check returning True or False depdning on whether
> authentication succeeds.
>
> In the longer term we need to support a "pluggable" authentication
> approach. That would probably involve changing the
> twistedcaldav.directory.directory.DirectoryService.requestAvatarId method
> to accept "pluggable" credentials checkers. Note that right now we do have
> that method hard-coded to recognize the Kerberos checker and use that. We
> just need to generalize that approach. Feel free to tackle that and send
> in
> patches if you have time...
>
> --
> Cyrus Daboo
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.macosforge.org/pipermail/calendarserver-users/attachments/20080111/933134c4/attachment.html
More information about the calendarserver-users
mailing list