Metadata-Version: 1.0
Name: zope.password
Version: 3.6.1
Summary: Password encoding and checking utilities
Home-page: http://pypi.python.org/pypi/zope.password
Author: Zope Foundation and Contributors
Author-email: zope-dev@zope.org
License: ZPL 2.1
Description: ================
        Password Manager
        ================

        This package provides a password manager mechanism. A password manager
        is a utility object that can encode and check encoded
        passwords. Beyond the generic interface, this package also provides
        four implementations:

        * PlainTextPasswordManager - the simplest and least secure
          one. It does not do any password encoding and simply checks the
          password by string equality. It's useful in tests or as a base class
          for more secure implementations.

        * MD5PasswordManager - a password manager that uses the MD5 algorithm to
          encode passwords. It adds salt to the encoded password, but the salt
          is not used for encoding the password itself, so the use of salt in
          it is purely cosmetic. It's generally weak against dictionary
          attacks.

        * SHA1PasswordManager - a password manager that uses the SHA1 algorithm
          to encode passwords. It has the same salt weakness as the
          MD5PasswordManager.

        * SSHAPasswordManager - the most secure password manager that is
          strong against dictionary attacks. It's basically a SHA1-encoding
          password manager which also incorporates a salt into the password
          when encoding it. This password manager is compatible with passwords
          used in LDAP databases.

        It is strongly recommended to use SSHAPasswordManager, as it's the
        most secure.

        The package also provides a script `zpasswd` to generate principal
        entries in typical ``site.zcml`` files.

        Usage
        -----

        It's very easy to use password managers.
        The ``zope.password.interfaces.IPasswordManager`` interface defines only
        two methods::

          def encodePassword(password):
              """Return encoded data for the given password"""

          def checkPassword(encoded_password, password):
              """Return whether the given encoded data coincide with the given password"""

        The implementations mentioned above are in the
        ``zope.password.password`` module.


        Password Manager Names Vocabulary
        ---------------------------------

        The ``zope.password.vocabulary`` module provides a vocabulary of
        registered password manager utility names. It is typically registered
        as an `IVocabularyFactory` utility named "Password Manager Names".

        It's intended to be used with ``zope.component`` and ``zope.schema``,
        so you need to have them installed and the utility registrations need
        to be done properly. The `configure.zcml` file contained in
        ``zope.password`` does the registrations, as does the
        `setUpPasswordManagers` function in the ``zope.password.testing`` module.

        zpasswd script
        --------------

        ``zpasswd`` is a script to generate principal entries in typical
        ``site.zcml`` files.

        You can create a ``zpasswd`` script in your package by adding a
        section like this to your ``buildout.cfg``::

          [zpasswd]
          recipe = z3c.recipe.dev:script
          eggs = zope.password
          module = zope.password.zpasswd
          method = main

        This will generate a script ``zpasswd`` the next time you run
        ``buildout``.

        When run, the script will ask you for all parameters needed to create
        a typical principal entry, including the encoded password.

        Use::

          $ bin/zpasswd --help

        to get a list of options.

        Using::

          $ bin/zpasswd -c some/site.zcml

        the script will try to look up any password manager you defined and
        registered in your environment. This lookup is not necessary if you
        go with the standard password managers defined in `zope.password`.

        A typical ``zpasswd`` session::

          $ ./bin/zpasswd

          Please choose an id for the principal.

          Id: foo


          Please choose a title for the principal.

          Title: The Foo


          Please choose a login for the principal.

          Login: foo

          Password manager:

           1. Plain Text
           2. MD5
           3. SHA1
           4. SSHA

          Password Manager Number [4]:
          SSHA password manager selected


          Please provide a password for the principal.

          Password:
          Verify password:

          Please provide an optional description for the principal.

          Description: The main foo

          ============================================
          Principal information for inclusion in ZCML:

            <principal
              id="foo"
              title="The Foo"
              login="foo"
              password="{SSHA}Zi_Lsz7Na3bS5rz4Aer-9TbqomXD2f3T"
              description="The main foo"
              password_manager="SSHA"
              />


        =======
        CHANGES
        =======

        3.6.1 (2010-05-27)
        ------------------

        - The SSHAPasswordManager.checkPassword() would not handle unicode input
          (even if the string would only contain ascii characters). Now, the
          encoded_password input will be encoded to ascii, which is deemed safe as it
          should not contain non-ascii characters anyway.

        3.6.0 (2010-05-07)
        ------------------

        - Removed zope.testing dependency for tests.

        - Updated some copyright headers to comply with repository policy.

        - Added zpasswd script formerly held in zope.app.server. Contrary to the
          former zpasswd script, which used "Plain Text" as default password
          manager, now SSHA is used as default.

        3.5.1 (2009-03-14)
        ------------------

        - Make security protection directives in `configure.zcml` execute only
          if ``zope.security`` is installed. This will allow reuse of the
          `configure.zcml` file in environments without ``zope.security``,
          for example with ``repoze.zcml``.

        - Add "Password Manager Names" vocabulary for use with ``zope.schema``
          and ``zope.component``, like it was in ``zope.app.authentication``.
          It's an optional feature so it doesn't add a hard dependency. We use
          the "vocabulary" extra to list dependencies needed for vocabulary
          functionality.

        3.5.0 (2009-03-06)
        ------------------

        First release. This package was split off from ``zope.app.authentication``
        to separate password manager functionality that is greatly re-usable without
        any bit of ``zope.app.authentication`` and to reduce its dependencies.

Keywords: zope authentication password zpasswd
Platform: UNKNOWN
Classifier: Development Status :: 5 - Production/Stable
Classifier: Environment :: Web Environment
Classifier: Intended Audience :: Developers
Classifier: License :: OSI Approved :: Zope Public License
Classifier: Programming Language :: Python
Classifier: Natural Language :: English
Classifier: Operating System :: OS Independent
Classifier: Topic :: Internet :: WWW/HTTP
Classifier: Framework :: Zope3
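
The salt handling described in the list of password managers above, as an added example that is not code from ``zope.password``: an SSHA-style encoding in which the salt is hashed together with the password, next to a simplified model of the "cosmetic" salt of the MD5 and SHA1 managers. All function names are hypothetical; the 4-byte salt and the URL-safe base64 alphabet are assumptions inferred from the sample ``{SSHA}`` value in the ``zpasswd`` session, and the cosmetic layout (salt prefix plus hex digest) is an assumption made for illustration.

```python
import base64
import hashlib
import hmac
import os

DIGEST_LEN = 20  # SHA-1 output size in bytes
SALT_LEN = 4     # assumption: the page's sample decodes to 24 bytes (20 + 4)


def ssha_encode(password, salt=None):
    """Hash password + salt, then append the salt so a checker can recover it."""
    salt = os.urandom(SALT_LEN) if salt is None else salt
    digest = hashlib.sha1(password + salt).digest()
    # URL-safe alphabet is an assumption taken from '_' and '-' in the sample.
    return "{SSHA}" + base64.urlsafe_b64encode(digest + salt).decode("ascii")


def ssha_split(encoded):
    """Return (digest, salt) from a {SSHA} value given as str or ASCII bytes."""
    if isinstance(encoded, bytes):
        encoded = encoded.decode("ascii")
    if not encoded.startswith("{SSHA}"):
        raise ValueError("not an {SSHA} value")
    raw = base64.urlsafe_b64decode(encoded[len("{SSHA}"):])
    if len(raw) <= DIGEST_LEN:
        raise ValueError("no salt after the SHA-1 digest")
    return raw[:DIGEST_LEN], raw[DIGEST_LEN:]


def ssha_check(encoded, password):
    """Recompute SHA-1(password + stored salt) and compare in constant time."""
    digest, salt = ssha_split(encoded)
    return hmac.compare_digest(hashlib.sha1(password + salt).digest(), digest)


def cosmetic_encode(password, salt=None):
    """Model of the weakness: the salt is stored but never enters the hash."""
    salt = os.urandom(SALT_LEN).hex() if salt is None else salt
    return "{SHA1}" + salt + hashlib.sha1(password).hexdigest()


def shared_digest(a, b):
    """True when two cosmetic-salt values carry the same SHA-1 hex digest."""
    return a[-2 * DIGEST_LEN:] == b[-2 * DIGEST_LEN:]
```

With the cosmetic salt, two principals that share a password also share the stored digest, so one precomputed table covers every entry; hashing the salt in removes that property, although a single SHA-1 round remains fast to compute.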