Opened 15 years ago
Last modified 14 months ago
#5502 new enhancement
Add sasldb support
| Reported by: | anonymous | Owned by: | |
|---|---|---|---|
| Priority: | low | Component: | AccountManagerPlugin |
| Severity: | normal | Keywords: | sasl helpwanted |
| Cc: | Trac Release: | 0.11 |
Description
This is good idea use subversion passwd file as central authentication base for subversion and trac, but not good in untrusted networks. Trac works fine over stunnel. But if we turn on sasl in subversion then we cant use passwd file. I know that we can use Apache + htpasswd for central https authentication. But I think that it is not hard to add sasl support for AccountManagerPlugin.
Attachments (0)
Change History (10)
comment:1 follow-up: 4 Changed 15 years ago by
| Keywords: | helpwanted added |
|---|
comment:2 follow-up: 3 Changed 14 years ago by
I would like to share the SASL database between Subversion and Trac as well. I have had a brief look at this but know nothing of Python so can't offer a patch. I notice that a project exists <http://github.com/dwd/Suelta> which may make matters more tractable for anyone interested in attempting an implementation.
comment:3 Changed 14 years ago by
Another library for consideration: http://github.com/thisismedium/python-sasl
comment:4 Changed 14 years ago by
| Owner: | changed from Matt Good to Steffen Hoffmann |
|---|---|
| Summary: | sasldb support request → Add sasldb support |
Replying to mgood:
I'm glad to look at patches, but don't really have the time to look into this myself.
Same with me, as I've taken over maintenance recently.
comment:5 follow-up: 6 Changed 13 years ago by
Too bad for you, it doesn't seem like there is high demand for this feature.
And as long as I don't use it myself, I require to meet someone willing to do production testing, or sharing a sasl authentication backend will not happen quickly.
For what it's worth I'd prefer to go with the Suelta implementation after reading through both of them in source. Code is lean compared to python-sasl, even if the test is useless in it's current form, and it seems stable, although I didn't find any quick hint on current use.
David Alan Cridland, the author re-licensed his work to MIT lic back in 2010, what is a good thing. In fact GPL (before) would have been a no-go. Now it's certainly compatible AFAIK with AcctMgr, and would stay for the hypothetical SASL IPasswordStore implementation, if we decide to fully integrate and suck in the code into the module itself.
Obvious tasks and challenges:
- decide to add on-top or integrate source (maybe contact the author)
- create a prototype implementation for password verification only
- think about handling of interaction required in some cases at client side (confirmation messages/response)
- do i18n as much as required (non-existing in
Sueltatoday) - maybe more...
comment:7 follow-up: 8 Changed 13 years ago by
Suelta is client-only - it has no server-side implementation at all. Not to say it couldn't grow that, but it's a substantial chunk of work.
comment:8 Changed 13 years ago by
Replying to anonymous:
Suelta is client-only - it has no server-side implementation at all. Not to say it couldn't grow that, but it's a substantial chunk of work.
Why even bother with the sasl server side? As I took it, there is demand to integrate a sasl client into AcctMgr for sharing an existing sasl auth backend with several services, non building the sasl backend itself (into AcctMgr).
comment:9 Changed 7 years ago by
| Owner: | Steffen Hoffmann deleted |
|---|
comment:10 Changed 14 months ago by
| Priority: | normal → low |
|---|---|
| Type: | task → enhancement |
Change from task to enhancement and lowering priority for reasons outlined by Steffen Hoffmann.
An explanation of sasl: Simple_Authentication_and_Security_Layer
I'm glad to look at patches, but don't really have the time to look into this myself.