[Zope-PAS] what plugins are needed for authentication

robert rottermann robert at redcor.ch
Wed Apr 4 09:03:34 EDT 2007



Wichert Akkerman wrote:
> Previously robert rottermann wrote:
>> Mark Hammond wrote:
>>>> Hi there,
>>>>
>>>> I want to write a PAS Plugin that does only the authentication.
>>>>
>>>> it should do the authentication and then store it in a
>>>> session for a couple of hours.
>>>>
>>>> Now I am unsure which services I have to implement.
>>>> IAuthenticationPlugin ??
>>>> IExtractionPlugin  ??
>>>>     
>>> Without more information, it's unclear what you will need.  Assuming you
>>> want to reuse either HTTP basic or cookie authentication for the mechanics
>>> of getting a username/password pair, you can enable the standard PAS plugins
>>> for IChallengePlugin and IExtractionPlugin.  You should then only need to
>>> implement IAuthenticationPlugin - and the main job there is for you to
>>> validate the credentials, then return a dict with the username you
>>> extracted.  You will also need to have a user manager - the "ZODB User
>>> Manager" might be OK.  I'd recommend the approach of setting PAS up with
>>> everything working as you want except for the actual authentication you want
>>> to perform.  You should then replace the interfaces from that set until
>>> everything you need is done :)
>>>
>>> This is mainly from memory, but I hope it helps...
>>>
>>> Mark
>>>
>> thank you very much for all the answers I got.
>> This is what I need:
>>
>>  on an intranet I want to have all users in a plone "user_source".
>> the authentication itself should be against a bunch of
>> ActiveDirectory-domains.
>> after the authentication I just want the user to be authorized without
>> the need to re-authenticate during business hours.
> 
> Why do you want to have the users in source_users for that? That isn't
> necessary. Just do the normal AD authentication using LDAPMultiPlugins
> and use a session plugin such as SessionAuthHelper or plone.session.

with this approach we would lose the ability to
- easily search for users
- easily add users to ad hoc local groups.

I would be happy to hear that I am wrong though ..

robert
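
Added example, not part of the original thread or of PAS itself: a standalone Python sketch of the approach discussed above, where a password is checked once against a backend and a signed, time-limited ticket then stands in for it. The method name and the `(user_id, login)` return value follow PAS's `IAuthenticationPlugin`; the `ticket` credentials key, the `verify_password` callback (for instance an AD bind) and the 8-hour lifetime are assumptions.

```python
import hashlib
import hmac
import time

SESSION_TTL = 8 * 3600  # assumption: "business hours" taken as 8 hours


class SessionTicketAuth:
    """Duck-typed sketch of an authentication plugin; no Zope imports."""

    def __init__(self, secret, verify_password, now=time.time):
        self._secret = secret           # bytes, kept server-side only
        self._verify = verify_password  # hypothetical backend check
        self._now = now                 # injectable clock

    def _sign(self, login, issued):
        msg = f"{login}|{issued}".encode()
        return hmac.new(self._secret, msg, hashlib.sha256).hexdigest()

    def issue_ticket(self, login):
        """Call after a successful password check; store the result in a cookie."""
        issued = int(self._now())
        return f"{login}|{issued}|{self._sign(login, issued)}"

    def _check_ticket(self, ticket):
        try:
            login, issued, mac = ticket.rsplit("|", 2)
            issued = int(issued)
        except ValueError:
            return None  # malformed ticket
        expected = self._sign(login, issued)
        # Constant-time comparison, so the MAC cannot be guessed byte by byte.
        if not hmac.compare_digest(mac.encode(), expected.encode()):
            return None
        # The expiry is enforced server-side from the signed timestamp.
        if not 0 <= self._now() - issued <= SESSION_TTL:
            return None
        return login

    def authenticateCredentials(self, credentials):
        ticket = credentials.get("ticket")
        if ticket:
            login = self._check_ticket(ticket)
        else:
            login = credentials.get("login")
            password = credentials.get("password")
            # Reject empty passwords before asking the directory: an LDAP
            # simple bind with an empty password is an unauthenticated bind.
            if not login or not password or not self._verify(login, password):
                login = None
        return (login, login) if login else None
```
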

