Opened 5 years ago

Last modified 3 years ago

#5502 new task

Add sasldb support

Reported by: anonymous
Owned by: hasienda
Priority: normal
Component: AccountManagerPlugin
Severity: normal
Keywords: sasl helpwanted
Cc:
Trac Release: 0.11

Description

It is a good idea to use the Subversion passwd file as a central authentication base for Subversion and Trac, but it is not good in untrusted networks. Trac works fine over stunnel. But if we turn on SASL in Subversion then we can't use the passwd file. I know that we can use Apache + htpasswd for central HTTPS authentication. But I think that it is not hard to add SASL support to AccountManagerPlugin.

Attachments (0)

Change History (8)

comment:1 follow-up: Changed 5 years ago by mgood

  • Keywords helpwanted added

I'm glad to look at patches, but don't really have the time to look into this myself.

comment:2 follow-up: Changed 4 years ago by anonymous

I would like to share the SASL database between Subversion and Trac as well. I have had a brief look at this but know nothing of Python so can't offer a patch. I notice that a project exists <http://github.com/dwd/Suelta> which may make matters more tractable for anyone interested in attempting an implementation.

comment:3 in reply to: ↑ 2 Changed 4 years ago by anonymous

Another library for consideration: http://github.com/thisismedium/python-sasl

comment:4 in reply to: ↑ 1 Changed 4 years ago by hasienda

  • Owner changed from mgood to hasienda
  • Summary changed from sasldb support request to Add sasldb support

Replying to mgood:

> I'm glad to look at patches, but don't really have the time to look into this myself.

Same with me, as I've taken over maintenance recently.

comment:5 follow-up: Changed 3 years ago by hasienda

Too bad for you, it doesn't seem like there is high demand for this feature.

And as long as I don't use it myself, I need to meet someone willing to do production testing, or sharing a SASL authentication backend will not happen quickly.

For what it's worth, I'd prefer to go with the Suelta implementation after reading through both of them in source. Code is lean compared to python-sasl, even if the test is useless in its current form, and it seems stable, although I didn't find any quick hint on current use.

David Alan Cridland, the author, re-licensed his work under the MIT license back in 2010, which is a good thing. In fact GPL (before) would have been a no-go. Now it's certainly compatible AFAIK with AcctMgr, and would stay so for the hypothetical SASL IPasswordStore implementation, if we decide to fully integrate and suck the code into the module itself.

Obvious tasks and challenges:

  • decide to add on-top or integrate source (maybe contact the author)
  • create a prototype implementation for password verification only
  • think about handling of interaction required in some cases at client side (confirmation messages/response)
  • do i18n as much as required (non-existing in Suelta today)
  • maybe more...

comment:6 in reply to: ↑ 5 Changed 3 years ago by hasienda

Replying to hasienda:

> [...] (maybe contact the author)

Done.

comment:7 follow-up: Changed 3 years ago by anonymous

Suelta is client-only - it has no server-side implementation at all. Not to say it couldn't grow that, but it's a substantial chunk of work.

comment:8 in reply to: ↑ 7 Changed 3 years ago by hasienda

Replying to anonymous:

> Suelta is client-only - it has no server-side implementation at all. Not to say it couldn't grow that, but it's a substantial chunk of work.

Why even bother with the SASL server side? As I took it, there is demand to integrate a SASL client into AcctMgr for sharing an existing SASL auth backend with several services, not building the SASL backend itself (into AcctMgr).
