Mercurial > p > roundup > code

diff doc/customizing.txt @ 1236:dd52bf10f934

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Bug fixes. - fixed bug in login if the username wasn't known - handle close/rollback of already-closed sqlite database - added example for external passwd-style user password verification
author Richard Jones <richard@users.sourceforge.net>
date Fri, 27 Sep 2002 01:04:38 +0000
parents 7441653e5330
children 8dd4f736370b
line wrap: on
line diff
--- a/doc/customizing.txt	Thu Sep 26 23:59:08 2002 +0000
+++ b/doc/customizing.txt	Fri Sep 27 01:04:38 2002 +0000
@@ -2,7 +2,7 @@
 Customising Roundup
 ===================
 
-:Version: $Revision: 1.49 $
+:Version: $Revision: 1.50 $
 
 .. This document borrows from the ZopeBook section on ZPT. The original is at:
    http://www.zope.org/Documentation/Books/ZopeBook/current/ZPT.stx
@@ -2118,6 +2118,45 @@
 4. Use the usual "new" action as the :action on the final page, and you're
    done (the standard context/submit method can do this for you).
 
+
+Using an external password validation source
+--------------------------------------------
+
+We have a centrally-managed password changing system for our users. This
+results in a UN*X passwd-style file that we use for verification of users.
+Entries in the file consist of ``name:password`` where the password is
+encrypted using the standard UN*X ``crypt()`` function (see the ``crypt``
+module in your Python distribution). An example entry would be::
+
+    admin:aamrgyQfDFSHw
+
+Each user of Roundup must still have their information stored in the Roundup
+database - we just use the passwd file to check their password. To do this, we
+add the following code to our ``Client`` class in the tracker home
+``interfaces.py`` module::
+
+    def verifyPassword(self, userid, password):
+        # get the user's username
+        username = self.db.user.get(userid, 'username')
+
+        # the passwords are stored in the "passwd.txt" file in the tracker
+        # home
+        file = os.path.join(self.db.config.TRACKER_HOME, 'passwd.txt')
+
+        # see if we can find a match
+        for ent in [line.strip().split(':') for line in open(file).readlines()]:
+            if ent[0] == username:
+                return crypt.crypt(password, ent[1][:2]) == ent[1]
+
+        # user doesn't exist in the file
+        return 0
+
+What this does is look through the file, line by line, looking for a name that
+matches.
+
+We also remove the redundant password fields from the ``user.item`` template.
+
+
 -------------------
 
 Back to `Table of Contents`_
Roundup Issue Tracker: http://roundup-tracker.org/