On 8/18/09 3:52 PM, Aaron Watters wrote:
> According to the paste documentation you can call
> environ['paste.auth_tkt.set_user'](userid, tokens='', user_data='')
> [ http://pythonpaste.org/modules/auth.auth_tkt.html ]
> Don't the tokens or user data allow a way to store a
> hash of the password?
Probably. I just didn't (and still don't) want the liability of storing the
password in the cookie, even hashed once or twice.
> Alternatively what is another supported plugin which allows
> passwords to be disabled, changed and timed out?
You could change the existing authtkt plugin (maybe by subclassing) to do the
But TBH, I'd suggest just writing a userid checker and passing it to the
plugin. You could probably just cutnrape the "authenticate" method of the
current htpasswd plugin to create the function. Note that doing so would not
impose any additional speed penalty; the htpasswd plugin won't be consulted if
the userid checker has a chance to return True.
Repoze-dev mailing list