On 8/18/09 3:52 PM, Aaron Watters wrote:
> According to the paste documentation you can call
>    environ['paste.auth_tkt.set_user'](userid, tokens='', user_data='')
> [ http://pythonpaste.org/modules/auth.auth_tkt.html ]
> Don't the tokens or user data allow a way to store a
> hash of the password?

Probably.  I just didn't (and still don't) want the liability of storing the 
password in the cookie, even hashed once or twice.

> Alternatively what is another supported plugin which allows
> passwords to be disabled, changed and timed out?

You could change the existing authtkt plugin (maybe by subclassing) to do the 

But TBH, I'd suggest just writing a userid checker and passing it to the 
plugin.  You could probably just cutnrape the "authenticate" method of the 
current htpasswd plugin to create the function.  Note that doing so would not 
impose any additional speed penalty; the htpasswd plugin won't be consulted if 
the userid checker has a chance to return True.

- C
Repoze-dev mailing list

Reply via email to