[Zope-PAS] auth fallback with cookies

J Cameron Cooper jccooper at jcameroncooper.com
Tue Jul 26 19:09:53 EDT 2005


Say I have a user in a root acl_users folder (call it 'admin'). I also 
have a PAS user folder in a sub-object of the root. This PAS is 
configured to do cookie auth, and users will typically login using a form.

Now, if I try to log in as 'admin' in that form, it doesn't work. I 
think this is why:

  - credentials are supplied via a form to the PAS cookie auth plugin

  - there is no such user, so it fails

  - 'validate' returns None, so Zope goes to the next user folder (which 
the basic in the root where 'admin' lives)

  - that one tries to validate but gets nothing: it looks for HTTP basic 
credentials, but finds nothing, since login is form based

Does this sound about right? Anybody have a strategy to get around this?

		--jcc
-- 
Enfold Systems, LLC
http://www.enfoldsystems.com



More information about the Zope-PAS mailing list