[Zope-PAS] what plugins are needed for authentication
robert rottermann
robert at redcor.ch
Wed Apr 4 09:03:34 EDT 2007
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Wichert Akkerman schrieb:
> Previously robert rottermann wrote:
>> Mark Hammond wrote:
>>>> Hi there,
>>>>
>>>> I want to write a PAS Plugin that does only the authentication.
>>>>
>>>> it should do the authentication and then store it in a
>>>> session for a coupple of hours.
>>>>
>>>> Now I am unsure which services I have to implement.
>>>> IAuthenticationPlugin ??
>>>> IExtractionPlugin ??
>>>>
>>> Without more information, it's unclear what you will need. Assuming you
>>> want to reuse either HTTP basic or cookie authentication for the mechanics
>>> of getting a username/password pair, you can enable the standard PAS plugins
>>> for IChallengePlugin and IExtractionPlugin. You should then only need to
>>> implement IAuthenticationPlugin - and the main job there is for you to
>>> validate the credentials, then return a dict with the username you
>>> extracted. You will also need to have a user manager - the "ZODB User
>>> Manager" might be OK. I'd recommend the approach of setting PAS up with
>>> everything working as you want except for the actual authentication you want
>>> to perform. You should then replace the interfaces from that set until
>>> everything you need is done :)
>>>
>>> This is mainly from memory, but I hope it helps...
>>>
>>> Mark
>>>
>>> _______________________________________________
>>> Zope-PAS mailing list
>>> Zope-PAS at zope.org
>>> http://mail.zope.org/mailman/listinfo/zope-pas
>>>
>>>
>> thank you very mutch to all the answer I got.
>> This is what I need:
>>
>> on an intranet I want to have all users in a plone "user_source".
>> the authentication itself should be against a bunch of
>> ActiveDirectory-domains.
>> after the authemtication I just want the user to be authorized without
>> the need to re authenticate during business hours.
>
> Why do you want to have the users in source_users for that? That isn't
> necessary. Just do the normal AD authentication using LDAPMultiPlugins
> and use a session plugin such as SessionAuthHelper or plone.session.
with this approach we would loose the ability to
- - easily search for users
- - easily add users to ad hoc local groups.
I would be happy to hear that I am wrong tough ..
robert
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org
iD8DBQFGE6IlGaryJ0T9kUYRAuaAAJwKwWO2IQ5lg6gfU6HzPPpORVog3gCcCsZo
3B1HGtBl9q3/1Vawhwwgf/g=
=2aHr
-----END PGP SIGNATURE-----
More information about the Zope-PAS
mailing list