[Zope-PAS] what plugins are needed for authentication

Wichert Akkerman wichert at wiggy.net
Wed Apr 4 08:35:14 EDT 2007 

Previously robert rottermann wrote:
> Mark Hammond wrote:
> >> Hi there,
> >>
> >> I want to write a PAS Plugin that does only the authentication.
> >>
> >> it should do the authentication and then store it in a
> >> session for a coupple of hours.
> >>
> >> Now I am unsure which services I have to implement.
> >> IAuthenticationPlugin ??
> >> IExtractionPlugin  ??
> >>     
> >
> > Without more information, it's unclear what you will need.  Assuming you
> > want to reuse either HTTP basic or cookie authentication for the mechanics
> > of getting a username/password pair, you can enable the standard PAS plugins
> > for IChallengePlugin and IExtractionPlugin.  You should then only need to
> > implement IAuthenticationPlugin - and the main job there is for you to
> > validate the credentials, then return a dict with the username you
> > extracted.  You will also need to have a user manager - the "ZODB User
> > Manager" might be OK.  I'd recommend the approach of setting PAS up with
> > everything working as you want except for the actual authentication you want
> > to perform.  You should then replace the interfaces from that set until
> > everything you need is done :)
> >
> > This is mainly from memory, but I hope it helps...
> >
> > Mark
> >
> > _______________________________________________
> > Zope-PAS mailing list
> > Zope-PAS at zope.org
> > http://mail.zope.org/mailman/listinfo/zope-pas
> >
> >   
> thank you very mutch to all the answer I got.
> This is what I need:
> 
>  on an intranet I want to have all users in a plone "user_source".
> the authentication itself should be against a bunch of
> ActiveDirectory-domains.
> after the authemtication I just want the user to be authorized without
> the need to re authenticate during business hours.

Why do you want to have the users in source_users for that? That isn't
necessary. Just do the normal AD authentication using LDAPMultiPlugins
and use a session plugin such as SessionAuthHelper or plone.session.

Wichert.

-- 
Wichert Akkerman <wichert at wiggy.net>    It is simple to make things.
http://www.wiggy.net/                   It is hard to make things simple.

More information about the Zope-PAS mailing list