[Zope-PAS] Struggling with 'challenge' support.

Mark Hammond mhammond at skippinet.com.au
Wed Sep 22 08:15:04 EDT 2004

Thanks for the replies!

> That's my fault. I forgot to fix it. HTTPBasicAuthHelper's challenge
> should do nothing, since it's challenge implementation is to
> return an
> unauthorized HTTP response, which is the default reaction.

I'm afraid that with these changes, I don't see "challenge" called at all.

> Here is a challenge response that *does* work:

As above - it never actually gets called for me.  The 'validate' method
does, but I never see a call to challenge()

> > I need to do an NTLM dance - the authentication process
> > will require my plugin to return a 404 twice, each time
> > exchanging tokens with the client in headers.
> > I'm really not sure how my plugin is supposed to
> > handle that.

> Scribble on the Response headers and then raise Unauthorized
> should do it.

Is there any way I can keep 'state' between these calls?  Somehow I need to
coordinate the first and second of these calls.

> I couldn't help myself.
> http://zope.org/Members/regebro/KniggetChallenge/swpackage_view

I tried that - I was initially prompted to logon, and when I did, I got a
simple "Insufficient Privileges" messages - without the elderberries :)

Today isn't my day - I'll have more of a play in my morning.



More information about the Zope-PAS mailing list