
Let Plone's AccessControl speak MySQL or ...

how you can use any password hashing scheme in Plone's user authentication.

If you migrate a portal to Plone, you usually have to deal with existing user data and hashed passwords. There are two ways to make this data accessible: connect Plone to MySQL through a MySQL authentication plugin such as SQLPASPlugin, or import the user data into Plone and teach Plone how to compute MySQL password hashes. This post deals with the second approach.

Since version 4.1, MySQL has used a password hash format that is not implemented in Zope's AccessControl, but it is very easy to add. Register a MYSQL41DigestScheme with the new encrypt method. For the import, leave the hashing line commented out so that encrypt returns its input unchanged, because the passwords you want to insert are already hashed.

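from hashlib import sha1
from AccessControl.AuthEncoding import registerScheme

class MYSQL41DigestScheme:
    def encrypt(self, pw):
        # Import phase: the values are already MySQL 4.1 hashes, store them as is.
        # After the import, uncomment the next line and delete "return pw".
        # pw is hashed as a byte string, which is what MySQL's PASSWORD() does.
        #return '*%s' % sha1(sha1(pw).digest()).hexdigest().upper()
        return pw

    def validate(self, reference, attempt):
        # Hash the login attempt and compare it with the stored hash.
        a = self.encrypt(attempt)
        return (a == reference)

# Makes the scheme available to AccessControl under the name 'MYSQL41'.
registerScheme('MYSQL41', MYSQL41DigestScheme())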

Plone's default digest scheme is SSHA. Search for the string "SSHA" in your setup. You will find two locations (AccessControl.AuthEncoding and AccessControl.User.BasicUserFolder). Replace it with "MYSQL41" in both. Now you can import the users, for example by exporting them as CSV and loading them with a small script. Details can be found here

After a successful import, uncomment the hashing line in the MYSQL41DigestScheme so that encrypt no longer returns its input unchanged. MySQL applies SHA-1 to the password twice and places a "*" at the beginning of the hex-encoded hash. Set the default scheme back to "SSHA" and restart your instance. That's it. Do not forget to substitute the MYSQL41 strings back.
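The hash described above, as a stand-alone Python 3 example added here (not the author's code and independent of Zope): it computes the MySQL 4.1 hash, validates a login attempt with a constant-time comparison, and checks that exported rows really hold 4.1-style hashes before they are imported unchanged. The function names and sample rows are constructed for illustration, and UTF-8 encoded passwords are an assumption.

```python
import hashlib
import hmac
import re

# A MySQL >= 4.1 password hash: '*' followed by 40 uppercase hex digits.
MYSQL41_RE = re.compile(r"\*[0-9A-F]{40}")


def mysql41_hash(password):
    """Return '*' + uppercase hex of SHA1(SHA1(password))."""
    if isinstance(password, str):
        password = password.encode("utf-8")  # assumption: UTF-8 passwords
    inner = hashlib.sha1(password).digest()  # second round hashes raw bytes
    return "*" + hashlib.sha1(inner).hexdigest().upper()


def mysql41_validate(reference, attempt):
    """Check a login attempt against a stored hash in constant time."""
    if not MYSQL41_RE.fullmatch(reference):
        return False  # not a 4.1 hash, e.g. plaintext stored by mistake
    return hmac.compare_digest(mysql41_hash(attempt), reference)


def split_import_rows(rows):
    """Split (login, stored_value) rows into importable and rejected logins.

    While encrypt() returns its input unchanged, any value is stored as is,
    so rows that are not 4.1-style hashes must be caught before the import.
    """
    ok, rejected = [], []
    for login, stored in rows:
        (ok if MYSQL41_RE.fullmatch(stored) else rejected).append(login)
    return ok, rejected


# Constructed sample rows, shaped like a CSV export of a MySQL user table.
SAMPLE_ROWS = [
    ("alice", mysql41_hash("correct horse")),
    ("bob", "5d2e19393cc5ef67"),  # 16 hex digits: pre-4.1 hash format
    ("carol", "secret"),          # plaintext that slipped into the export
]

if __name__ == "__main__":
    print(split_import_rows(SAMPLE_ROWS))
```

The scheme is unsalted double SHA-1, so identical passwords produce identical hashes; switching the default back to SSHA as described above keeps newly set passwords off this scheme.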

 
