ZEO client authentication utterly unusable
Affects | Status | Importance | Assigned to | Milestone | ||
---|---|---|---|---|---|---|
ZODB | Status tracked in 3.9 | |||||
3.7 |
Fix Committed
|
Undecided
|
Jim Fulton | |||
3.8 |
Fix Committed
|
Undecided
|
Unassigned | |||
3.9 |
Fix Released
|
Low
|
Wichert Akkerman |
Bug Description
For all versions of ZODB tagged to date, the ZEO client authentication option (documented here: http://
This is for a variety of reasons, including:
1) zeopasswd.py is needlessly difficult to use as it is not usable as a script (needs "if __name__ == '__main__': main(sys.argv[1:])" added, along with chmod +x etc)
2) ZODB/component.xml is missing the schema definitions for the 'username' and 'password' keys required to use authentication from the client (ironically 'realm' is present, though)
3) ZODB.config.
4) The entire end-to-end process required is undocumented (eg, steps to create zeo password database, configuration directives required in zope.conf, etc).
Wichert has been doping something on this, I'll assign this to him for now.