checkpasswd-imap – A mod_authnz_external style password checker.
For those of you who out there who have ever set up Trac in the past, you probably know that the out-of-the-box installation requires that you use some sort of external authentication mechanism to validate users who have access to Trac. You’ll also know that if you use Google Accounts that and mod_auth_openid, it’s really difficult to authenticate users without adding a little bit of custom code to either Trac, mod_auth_openid, or both. (Or if you don’t, I haven’t figured out a way to do it). In the end I just ended up sidestepping the whole process and resorted to using mod_auth_imap against Google’s IMAP server. Unfortunately, that lead to a second problem….it appears that mod_auth_imap validates users credentials against the server for each HTTP request resulting in lots and lots of unnecessary traffic, painfully slow HTTP requests and if the IMAP server happens to have rate-limiting it’s an easy way to quickly lock out all your accounts. So for anybody who is faced with a similar problem, I hacked this little checkpasswd style external authentication program. Here’s a quick rundown of the features:
- Configurable for multiple IMAP servers with filtering of users by regular expressions
- Compatible with mod_authnz_external
- Login credentials are cached with unrecoverable encryption and then stored to disk. Optionally this can be configured to be put in a RAM drive and cleaned regularly with a cron job.
- Portable, written in Python. Tested on Gentoo Linux only with Python 2.6.
- Can be used in conjunction with mod_dav_svn
If anybody has any questions or comments feel free to email me. If you find bugs or issues, please wear the white hat and let me know so I can fix them immediately. The code is released under GPL v3.
All the instructions are included in the archive.
Patrick “Invictvs” Twohig <invictvs@namazustudios.com> (A.K.A. “The Server Guy”)
