Metadata-Version: 1.1
Name: zope.password
Version: 4.0.0
Summary: Password encoding and checking utilities
Home-page: http://pypi.python.org/pypi/zope.password
Author: Zope Foundation and Contributors
Author-email: zope-dev@zope.org
License: ZPL 2.1
Description: ================
        Password Manager
        ================
        
        This package provides a password manager mechanism. Password manager
        is an utility object that can encode and check encoded
        passwords. Beyond the generic interface, this package also provides
        seven implementations:
        
        * PlainTextPasswordManager - the most simple and the less secure
          one. It does not do any password encoding and simply checks password
          by string equality.  It's useful in tests or as a base class for
          more secure implementations.
        
        * MD5PasswordManager - a password manager that uses MD5 algorithm to
          encode passwords. It's generally weak against dictionary attacks due to a
          lack of a salt.
         
        * SMD5PasswordManager - a password manager that uses MD5 algorithm, together
          with a salt to encode passwords. It's better protected against against
          dictionary attacks, but the MD5 hashing algorithm is not as strong as the
          SHA1 algorithm.
        
        * SHA1PasswordManager - a password manager that uses SHA1 algorithm to
          encode passwords. It has the same weakness as the MD5PasswordManager.
         
        * SSHAPasswordManager - the most secure password manager that is
          strong against dictionary attacks. It's basically SHA1-encoding
          password manager which also incorporates a salt into the password
          when encoding it.
        
        * CryptPasswordManager - A manager implementing the crypt(3) hashing scheme.
          Only available if the python crypt module is installed. This is a legacy
          manager, only present to ensure that zope.password can be used for all
          schemes defined in RFC 2307 (LDAP).
        
        * MySQLPasswordManager - A manager implementing the digest scheme as
          implemented in the MySQL PASSWORD function in MySQL versions before 4.1. 
          Note that this method results in a very weak 16-byte hash.
        
        The Crypt, MD5, SMD5, SHA and SSHA password managers are all compatible with
        RFC 2307 LDAP implementations of the same password encoding schemes.
        
        It is strongly recommended to use SSHAPasswordManager, as it's the
        most secure.
        
        The package also provides a script `zpasswd` to generate principal
        entries in typical ``site.zcml`` files.
        
        Usage
        -----
        
        It's very easy to use password managers. The
        ``zope.password.interfaces.IPasswordManager`` interface defines only
        two methods::
        
          def encodePassword(password):
              """Return encoded data for the given password"""
        
          def checkPassword(encoded_password, password):
              """Return whether the given encoded data coincide with the given password"""
        
        An extended interface, ``zope.password.interfaces.IMatchingPasswordManager``,
        adds one additional method::
        
          def match(encoded_password):
              """
              Returns True when the given data was encoded with the scheme
              implemented by this password manager.
        
              """
        
        The implementations mentioned above are in the
        ``zope.password.password`` module.
        
        
        Password Manager Names Vocabulary
        ---------------------------------
        
        The ``zope.password.vocabulary`` module provides a vocabulary of
        registered password manager utility names. It is typically registered
        as an `IVocabularyFactory` utility named "Password Manager Names".
        
        It's intended to be used with ``zope.component`` and ``zope.schema``,
        so you need to have them installed and the utility registrations needs
        to be done properly. The `configure.zcml` file, contained in
        ``zope.password`` does the registrations, as well as in
        `setUpPasswordManagers` function in ``zope.password.testing`` module.
        
        zpasswd script
        --------------
        
        ``zpasswd`` is a script to generate principal entries in typical
        ``site.zcml`` files.
        
        You can create a ``zpasswd`` script in your package by adding a
        section like this to your ``buildout.cfg``::
        
          [zpasswd]
          recipe = z3c.recipe.dev:script
          eggs = zope.password
          module = zope.password.zpasswd
          method = main
        
        This will generate a script ``zpasswd`` next time you run
        ``buildout``.
        
        When run, the script will ask you for all parameters needed to create
        a typical principal entry, including the encrypted password.
        
        Use::
        
          $ bin/zpasswd --help
        
        to get a list of options.
        
        Using
        
          $ bin/zpasswd -c some/site.zcml
        
        the script will try to lookup any password manager you defined and
        registered in your environment. This is lookup is not necessary if you
        go with the standard password managers defined in `zope.password`.
        
        A typical ``zpasswd`` session::
        
          $ ./bin/zpasswd 
        
          Please choose an id for the principal.
        
          Id: foo
        
        
          Please choose a title for the principal.
        
          Title: The Foo
        
        
          Please choose a login for the principal.
        
          Login: foo
        
          Password manager:
        
           1. Plain Text
           2. MD5
           3. SHA1
           4. SSHA
        
          Password Manager Number [4]: 
          SSHA password manager selected
        
        
          Please provide a password for the principal.
        
          Password: 
          Verify password: 
        
          Please provide an optional description for the principal.
        
          Description: The main foo 
        
          ============================================
          Principal information for inclusion in ZCML:
        
            <principal
              id="foo"
              title="The Foo"
              login="foo"
              password="{SSHA}Zi_Lsz7Na3bS5rz4Aer-9TbqomXD2f3T"
              description="The main foo"
              password_manager="SSHA"
              />
        
        
        
        
        =======
        CHANGES
        =======
        
        4.0.0 (2013-02-21)
        ------------------
        
        - Made `zpasswd` a proper console script entry point.
        
        - Added ``tox.ini`` and ``MANIFEST.in``.
        
        - Added support for Python 3.3
        
        - Replaced deprecated ``zope.interface.implements`` usage with equivalent
          ``zope.interface.implementer`` decorator.
        
        - Dropped support for Python 2.4 and 2.5.
        
        - Add a new ``IMatchingPasswordManager`` interface with a 'match' method,
          which returns True if a given password hash was encdoded with the scheme
          implemented by the specific manager. All managers in this package implement
          this interface.
        
        - Use {SHA} as the prefix for SHA1-encoded passwords to be compatible with
          RFC 2307, but support matching against {SHA1} for backwards compatibility.
        
        - Add a crypt password manager to fully support all methods named in RFC 2307.
          It is contained in the 'legacy' module however, to flag crypt's status.
        
        - Add a SMD5 (salted MD5) password manager to fully support all encoding
          schemes implemented by OpenLDAP.
        
        - Add a MySQL PASSWORD() (versions before 4.1) password manager, as also found
          in Zope2's AccessControl.AuthEncoding module.
        
        - Remove the useless, cosmetic salt from the MD5 and SHA1 password managers,
          and use base64 encoding instead of hexdigests. This makes the output of
          these managers compatible with other MD5 and SHA1 hash implementations such
          as RFC 2307 but doesn't lower it's security in any way. Checking passwords
          against old, still 'salted' password hashes with hexdigests is still
          supported.
        
        - Use the standard_base64encode method instead of url_base64encode to maintain
          compatibility with LDAP.
        
        3.6.1 (2010-05-27)
        ------------------
        
        - The SSHAPasswordManager.checkPassword() would not handle unicode input
          (even if the string would only contain ascii characters). Now, the
          encoded_password input will be encoded to ascii, which is deemed safe as it
          should not contain non-ascii characters anyway.
        
        3.6.0 (2010-05-07)
        ------------------
        
        - Removed zope.testing dependency for tests.
        
        - Updated some copyright headers to comply to repository policy.
        
        - Added zpasswd script formerly hold in zope.app.server. Contrary to
          former zpasswd script, which used "Plain Text" as default password
          manager, now SSHA is used as default.
        
        3.5.1 (2009-03-14)
        ------------------
        
        - Make security protection directives in `configure.zcml` execute only
          if ``zope.security`` is installed. This will allow reuse of the
          `configure.zcml` file in environments without ``zope.security``,
          for example with ``repoze.zcml``.
        
        - Add "Password Manager Names" vocabulary for use with ``zope.schema``
          and ``zope.component``, like it was in ``zope.app.authentication``.
          It's an optional feature so it doesn't add hard dependency. We use
          "vocabulary" extra to list dependencies needed for vocabulary functionality.
        
        3.5.0 (2009-03-06)
        ------------------
        
        First release. This package was splitted off from ``zope.app.authentication``
        to separate password manager functionality that is greatly re-usable without
        any bit of ``zope.app.authentication`` and to reduce its dependencies.
        
Keywords: zope authentication password zpasswd
Platform: UNKNOWN
Classifier: Development Status :: 5 - Production/Stable
Classifier: Environment :: Web Environment
Classifier: Intended Audience :: Developers
Classifier: License :: OSI Approved :: Zope Public License
Classifier: Programming Language :: Python
Classifier: Programming Language :: Python :: 2
Classifier: Programming Language :: Python :: 2.6
Classifier: Programming Language :: Python :: 2.7
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.3
Classifier: Programming Language :: Python :: Implementation :: CPython
Classifier: Natural Language :: English
Classifier: Operating System :: OS Independent
Classifier: Topic :: Internet :: WWW/HTTP
Classifier: Framework :: Zope3
