[Cubicweb] Python module for Apache : how to use cubicweb.dbapi

Julien Cristau julien.cristau at logilab.fr
Fri Sep 13 16:47:47 CEST 2013


On Fri, Sep 13, 2013 at 16:11:14 +0200, Dimitri Papadopoulos Orfanos wrote:

> Hi,
> 
> I'm attemting to write an Apache authentication module that would
> use the CWusers of a CubicWeb instance.
> 
> 
> We had already discussed the following solution:
> * bypass CubicWeb,
> * directly connect to the PostgreSQL database associated to the
> CubicWeb instance,
> * read the "cw_login" and "cw_upassword" columns of the "cw_cwuser"
> PostgreSQL table,
> * understand the encoding of the "cw_upassword" column (SHA1?),
> * compare the password to the contents of the "cw_upassword" column.
> 
> Note that essential information such as the encoding of the
> "cw_upassword" column is missing.
> 
Nowadays cw_upassword is in crypt(3) format.  So at least on Unix, you
could dump cw_login:cw_upassword in a htpasswd file, if your
apache/apr-util has
http://svn.apache.org/viewvc/apr/apr/trunk/crypto/apr_passwd.c?r1=1358480&r2=1361811
Before that fix IIRC you need to drop the last character from the
cw_upassword for apache to accept it.

Julien
-- 
Julien Cristau          <julien.cristau at logilab.fr>
Logilab		        http://www.logilab.fr/
Informatique scientifique & gestion de connaissances



More information about the Cubicweb mailing list