|
Project Information
|
PROJECT INFOTGIDProviders is a collection of Identity providers that help you get up and running quickly when you want to validate passwords against an LDAP directory, a UNIX password file, or a SMB provider under Windows. It takes advantage of TurboGears' entry points (provided by SetupTools) to extend the capabilities of the default identity providers to support other authentication methods. The default LDAP filter is configured for Active Directory for now, though this might change in the future. OpenID is not yet supported, but patches are welcome! See the TODO file for other enhancement ideas. DISCLAIMERThis application has not been audited by a security expert. Use at your own risk. BACKGROUNDThis project was originally derived from the attachments of the Turbogears IdentityManagement documentation. The attachments were: soldapprovider.py, sopwdprovider.py, and sosmbprovider.py. See the CREDITS file to join me in thanking their authors. The project shell was created using "tg-admin quickstart -t tgwidget"[1]. The tgswidget template includes more files than I need at this point (like everything in the static directory), but I'm going to keep the fluff around for a bit in case the openid provider needs to have it. HINTSFor unix_passwd authentication, you will probably encounter problems due to password shadowing. Password shadowing prevents anyone besides the administrator (root) from retrieving even the encrypted passwords on a system. A simple workaround is to add yourself to the "shadow" group (sudo adduser --group shadow ; sudo adduser MYUSERID shadow), and then allow the "shadow" group to read the /etc/shadow file (sudo chgrp shadow /etc/shadow ; chmod g+r /etc/shadow). You'll probably have to sign out in order for the group privleges to take effect. FOOTNOTES
|