On 8/18/09 3:52 PM, Aaron Watters wrote: > According to the paste documentation you can call > > environ['paste.auth_tkt.set_user'](userid, tokens='', user_data='') > > [ http://pythonpaste.org/modules/auth.auth_tkt.html ] > > Don't the tokens or user data allow a way to store a > hash of the password?
Probably. I just didn't (and still don't) want the liability of storing the password in the cookie, even hashed once or twice. > Alternatively what is another supported plugin which allows > passwords to be disabled, changed and timed out? You could change the existing authtkt plugin (maybe by subclassing) to do the above. But TBH, I'd suggest just writing a userid checker and passing it to the authtkt plugin. You could probably just cutnrape the "authenticate" method of the current htpasswd plugin to create the function. Note that doing so would not impose any additional speed penalty; the htpasswd plugin won't be consulted if the userid checker has a chance to return True. - C _______________________________________________ Repoze-dev mailing list Repozeemail@example.com http://lists.repoze.org/listinfo/repoze-dev