Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
Z
ZODB
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Nicolas Wavrant
ZODB
Commits
ee9a9f86
Commit
ee9a9f86
authored
May 30, 2003
by
Jeremy Hylton
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Update for authentication and for a few tools.
parent
84bbbd01
Changes
1
Show whitespace changes
Inline
Side-by-side
Showing
1 changed file
with
50 additions
and
0 deletions
+50
-0
doc/ZEO/howto.txt
doc/ZEO/howto.txt
+50
-0
No files found.
doc/ZEO/howto.txt
View file @
ee9a9f86
...
@@ -164,6 +164,30 @@ http://www.zope.com/Products/ZopeProducts/ZRS. In general, it could
...
@@ -164,6 +164,30 @@ http://www.zope.com/Products/ZopeProducts/ZRS. In general, it could
be used to with a system that arranges to provide hot backups of
be used to with a system that arranges to provide hot backups of
servers in the case of failure.
servers in the case of failure.
Authentication
~~~~~~~~~~~~~~
ZEO supports optional authentication of client and server using a
password scheme similar to HTTP digest authentication (RFC 2069). It
is a simple challenge-response protocol that does not send passwords
in the clear, but does not offer strong security. The RFC discusses
many of the limitations of this kind of protocol. Note that this
feature provides authentication only. It does not provide encryption
or confidentiality.
The challenge-response also produces a session key that is used to
generate message authentication codes for each ZEO message. This
should prevent session hijacking.
Guard the password database as if it contained plaintext passwords.
It stores the hash of a username and password. This does not expose
the plaintext password, but it is sensitive nonetheless. An attacker
with the hash can impersonate the real user. This is a limitation of
the simple digest scheme.
The authentication framework allows third-party developers to provide
new authentication modules.
Installing software
Installing software
-------------------
-------------------
...
@@ -282,6 +306,19 @@ transaction-timeout
...
@@ -282,6 +306,19 @@ transaction-timeout
transaction takes too long, the client connection will be closed
transaction takes too long, the client connection will be closed
and the transaction aborted.
and the transaction aborted.
authentication-protocol
The name of the protocol used for authentication. The
only protocol provided with ZEO is "digest," but extensions
may provide other protocols.
authentication-database
The path of the database containing authentication credentials.
authentication-realm
The authentication realm of the server. Some authentication
schemes use a realm to identify the logic set of usernames
that are accepted by this server.
Configuring client
Configuring client
------------------
------------------
...
@@ -354,6 +391,10 @@ read-only-fallback
...
@@ -354,6 +391,10 @@ read-only-fallback
acceptable as a fallback when no writable storages are
acceptable as a fallback when no writable storages are
available. Defaults to false. At most one of read_only and
available. Defaults to false. At most one of read_only and
read_only_fallback should be true.
read_only_fallback should be true.
realm
The authentication realm of the server. Some authentication
schemes use a realm to identify the logic set of usernames
that are accepted by this server.
A ZEO client can also be created by calling the ClientStorage
A ZEO client can also be created by calling the ClientStorage
constructor explicitly. For example::
constructor explicitly. For example::
...
@@ -384,6 +425,15 @@ server. The server will continue writing to the renamed log file
...
@@ -384,6 +425,15 @@ server. The server will continue writing to the renamed log file
until it receives the signal. After it receives the signal, the
until it receives the signal. After it receives the signal, the
server will create a new file with the old name and write to it.
server will create a new file with the old name and write to it.
Tools
-----
There are a few scripts that may help running a ZEO server. The
zeopack.py script connects to a server and packs the storage. It can
be run as a cron job. The zeoup.py script attempts to connect to a
ZEO server and verify that is is functioning. The zeopasswd.py script
manages a ZEO servers password database.
Diagnosing problems
Diagnosing problems
-------------------
-------------------
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment