
Opened 15 years ago

Last modified 22 months ago

#5502 new enhancement

Add sasldb support

Reported by: anonymous
Owned by:
Priority: low
Component: AccountManagerPlugin
Severity: normal
Keywords: sasl helpwanted
Cc:
Trac Release: 0.11

Description

It is a good idea to use the Subversion passwd file as a central authentication base for Subversion and Trac, but it is not good in untrusted networks. Trac works fine over stunnel. But if we turn on SASL in Subversion, then we can't use the passwd file. I know that we can use Apache + htpasswd for central HTTPS authentication. But I think that it is not hard to add SASL support for AccountManagerPlugin.

Attachments (0)

Change History (10)

comment:1 Changed 15 years ago by Matt Good

Keywords: helpwanted added

I'm glad to look at patches, but don't really have the time to look into this myself.

comment:2 Changed 14 years ago by anonymous

I would like to share the SASL database between Subversion and Trac as well. I have had a brief look at this but know nothing of Python so can't offer a patch. I notice that a project exists <http://github.com/dwd/Suelta> which may make matters more tractable for anyone interested in attempting an implementation.

comment:3 in reply to:  2 Changed 14 years ago by anonymous

Another library for consideration: http://github.com/thisismedium/python-sasl

comment:4 in reply to:  1 Changed 14 years ago by Steffen Hoffmann

Owner: changed from Matt Good to Steffen Hoffmann
Summary: changed from sasldb support request to Add sasldb support

Replying to mgood:

I'm glad to look at patches, but don't really have the time to look into this myself.

Same with me, as I've taken over maintenance recently.

comment:5 Changed 13 years ago by Steffen Hoffmann

Too bad for you, it doesn't seem like there is high demand for this feature.

And as long as I don't use it myself, I need to meet someone willing to do production testing, or sharing a sasl authentication backend will not happen quickly.

For what it's worth, I'd prefer to go with the Suelta implementation after reading through both of them in source. Code is lean compared to python-sasl, even if the test is useless in its current form, and it seems stable, although I didn't find any quick hint on current use.

David Alan Cridland, the author, re-licensed his work to the MIT license back in 2010, which is a good thing. In fact GPL (before) would have been a no-go. Now it's certainly compatible AFAIK with AcctMgr, and would stay for the hypothetical SASL IPasswordStore implementation, if we decide to fully integrate and suck in the code into the module itself.

Obvious tasks and challenges:

  • decide to add on-top or integrate source (maybe contact the author)
  • create a prototype implementation for password verification only
  • think about handling of interaction required in some cases at client side (confirmation messages/response)
  • do i18n as much as required (non-existing in Suelta today)
  • maybe more...

comment:6 in reply to:  5 Changed 13 years ago by Steffen Hoffmann

Replying to hasienda:

[...] (maybe contact the author)

Done.

comment:7 Changed 13 years ago by anonymous

Suelta is client-only - it has no server-side implementation at all. Not to say it couldn't grow that, but it's a substantial chunk of work.

comment:8 in reply to:  7 Changed 13 years ago by Steffen Hoffmann

Replying to anonymous:

Suelta is client-only - it has no server-side implementation at all. Not to say it couldn't grow that, but it's a substantial chunk of work.

Why even bother with the sasl server side? As I took it, there is demand to integrate a sasl client into AcctMgr for sharing an existing sasl auth backend with several services, not building the sasl backend itself (into AcctMgr).

comment:9 Changed 8 years ago by Ryan J Ollos

Owner: Steffen Hoffmann deleted

comment:10 Changed 22 months ago by figaro

Priority: changed from normal to low
Type: changed from task to enhancement

Change from task to enhancement and lowering priority for reasons outlined by Steffen Hoffmann.

An explanation of sasl: Simple_Authentication_and_Security_Layer
