Re: [Zope-PAS] what plugins are needed for authentication
Wichert Akkerman wrote:
> Previously robert rottermann wrote:
>> with this approach we would lose the ability to
>> - easily search for users
>> - easily add users to ad hoc local groups.
>
> If you enable user enumeration on the LDAP plugin that should work fine.
>
> Wichert.

ok, I need to test that, I was under the impression that it did not work..

did I understand one of the other posts correctly, that with the ldap multi-plugin and the CookieAuthHelper/SessionAuthHelper ldap is only accessed "once a day"?
I did not see how to do that when I installed the two in a test setup.

thanks

___
Zope-PAS mailing list
Zope-PAS@zope.org
http://mail.zope.org/mailman/listinfo/zope-pas
Re: [Zope-PAS] what plugins are needed for authentication
Previously robert rottermann wrote:
> with this approach we would lose the ability to
> - easily search for users
> - easily add users to ad hoc local groups.

If you enable user enumeration on the LDAP plugin that should work fine.

Wichert.

--
Wichert Akkerman <[EMAIL PROTECTED]>    It is simple to make things.
http://www.wiggy.net/                   It is hard to make things simple.
Re: [Zope-PAS] what plugins are needed for authentication
Wichert Akkerman wrote:
> Previously robert rottermann wrote:
>> Mark Hammond wrote:
>>>> Hi there,
>>>>
>>>> I want to write a PAS Plugin that does only the authentication.
>>>>
>>>> it should do the authentication and then store it in a
>>>> session for a couple of hours.
>>>>
>>>> Now I am unsure which services I have to implement.
>>>> IAuthenticationPlugin ??
>>>> IExtractionPlugin ??
>>>
>>> Without more information, it's unclear what you will need. Assuming you
>>> want to reuse either HTTP basic or cookie authentication for the mechanics
>>> of getting a username/password pair, you can enable the standard PAS plugins
>>> for IChallengePlugin and IExtractionPlugin. You should then only need to
>>> implement IAuthenticationPlugin - and the main job there is for you to
>>> validate the credentials, then return a dict with the username you
>>> extracted. You will also need to have a user manager - the "ZODB User
>>> Manager" might be OK. I'd recommend the approach of setting PAS up with
>>> everything working as you want except for the actual authentication you want
>>> to perform. You should then replace the interfaces from that set until
>>> everything you need is done :)
>>>
>>> This is mainly from memory, but I hope it helps...
>>>
>>> Mark
>>
>> thank you very much for all the answers I got.
>> This is what I need:
>>
>> on an intranet I want to have all users in a plone "user_source".
>> the authentication itself should be against a bunch of
>> ActiveDirectory-domains.
>> after the authentication I just want the user to be authorized without
>> the need to re-authenticate during business hours.
>
> Why do you want to have the users in source_users for that? That isn't
> necessary. Just do the normal AD authentication using LDAPMultiPlugins
> and use a session plugin such as SessionAuthHelper or plone.session.

with this approach we would lose the ability to
- easily search for users
- easily add users to ad hoc local groups.

I would be happy to hear that I am wrong though ..

robert
Re: [Zope-PAS] what plugins are needed for authentication
Previously robert rottermann wrote:
> Mark Hammond wrote:
> >> Hi there,
> >>
> >> I want to write a PAS Plugin that does only the authentication.
> >>
> >> it should do the authentication and then store it in a
> >> session for a couple of hours.
> >>
> >> Now I am unsure which services I have to implement.
> >> IAuthenticationPlugin ??
> >> IExtractionPlugin ??
> >
> > Without more information, it's unclear what you will need. Assuming you
> > want to reuse either HTTP basic or cookie authentication for the mechanics
> > of getting a username/password pair, you can enable the standard PAS plugins
> > for IChallengePlugin and IExtractionPlugin. You should then only need to
> > implement IAuthenticationPlugin - and the main job there is for you to
> > validate the credentials, then return a dict with the username you
> > extracted. You will also need to have a user manager - the "ZODB User
> > Manager" might be OK. I'd recommend the approach of setting PAS up with
> > everything working as you want except for the actual authentication you want
> > to perform. You should then replace the interfaces from that set until
> > everything you need is done :)
> >
> > This is mainly from memory, but I hope it helps...
> >
> > Mark
>
> thank you very much for all the answers I got.
> This is what I need:
>
> on an intranet I want to have all users in a plone "user_source".
> the authentication itself should be against a bunch of
> ActiveDirectory-domains.
> after the authentication I just want the user to be authorized without
> the need to re-authenticate during business hours.

Why do you want to have the users in source_users for that? That isn't
necessary. Just do the normal AD authentication using LDAPMultiPlugins
and use a session plugin such as SessionAuthHelper or plone.session.

Wichert.

--
Wichert Akkerman <[EMAIL PROTECTED]>    It is simple to make things.
http://www.wiggy.net/                   It is hard to make things simple.
Re: [Zope-PAS] what plugins are needed for authentication
Mark Hammond wrote:
>> Hi there,
>>
>> I want to write a PAS Plugin that does only the authentication.
>>
>> it should do the authentication and then store it in a
>> session for a couple of hours.
>>
>> Now I am unsure which services I have to implement.
>> IAuthenticationPlugin ??
>> IExtractionPlugin ??
>
> Without more information, it's unclear what you will need. Assuming you
> want to reuse either HTTP basic or cookie authentication for the mechanics
> of getting a username/password pair, you can enable the standard PAS plugins
> for IChallengePlugin and IExtractionPlugin. You should then only need to
> implement IAuthenticationPlugin - and the main job there is for you to
> validate the credentials, then return a dict with the username you
> extracted. You will also need to have a user manager - the "ZODB User
> Manager" might be OK. I'd recommend the approach of setting PAS up with
> everything working as you want except for the actual authentication you want
> to perform. You should then replace the interfaces from that set until
> everything you need is done :)
>
> This is mainly from memory, but I hope it helps...
>
> Mark

thank you very much for all the answers I got.
This is what I need:

on an intranet I want to have all users in a plone "user_source".
the authentication itself should be against a bunch of
ActiveDirectory-domains.
after the authentication I just want the user to be authorized without
the need to re-authenticate during business hours.

thanks again
robert
Re: [Zope-PAS] what plugins are needed for authentication
On 4 Apr 2007, at 12:46, Wichert Akkerman wrote:
> As an added benefit plone.session does not use Zope sessions, making it
> more scalable.

For that I'd always try Tres' "Faster" product first.

jens
Re: [Zope-PAS] what plugins are needed for authentication
Previously Jens Vagelpohl wrote:
> On 4 Apr 2007, at 11:52, Wichert Akkerman wrote:
> >If he needs to use a session using something else than the username &
> >password as used by the cookie plugin it should be trivial to leverage
> >plone.session here. Just add a plone.session plugin to your acl_users,
> >enable its interfaces, disable credentials update and reset for the
> >cookie plugin and you're all set. And it'll be more secure as well :)
>
> Storing the credentials in a session instead of a cookie does not
> require installing yet another addon product. You can do that with
> the standard CookieAuthHelper and the standard SessionAuthHelper.

That assumes you're doing auth based on username and password.
plone.session does not make that assumption.

As an added benefit plone.session does not use Zope sessions, making it
more scalable.

Wichert.

--
Wichert Akkerman <[EMAIL PROTECTED]>    It is simple to make things.
http://www.wiggy.net/                   It is hard to make things simple.
Re: [Zope-PAS] what plugins are needed for authentication
On 4 Apr 2007, at 11:52, Wichert Akkerman wrote:
> If he needs to use a session using something else than the username &
> password as used by the cookie plugin it should be trivial to leverage
> plone.session here. Just add a plone.session plugin to your acl_users,
> enable its interfaces, disable credentials update and reset for the
> cookie plugin and you're all set. And it'll be more secure as well :)

Storing the credentials in a session instead of a cookie does not
require installing yet another addon product. You can do that with
the standard CookieAuthHelper and the standard SessionAuthHelper.

jens
Re: [Zope-PAS] what plugins are needed for authentication
Previously Mark Hammond wrote:
> > Hi there,
> >
> > I want to write a PAS Plugin that does only the authentication.
> >
> > it should do the authentication and then store it in a
> > session for a couple of hours.
> >
> > Now I am unsure which services I have to implement.
> > IAuthenticationPlugin ??
> > IExtractionPlugin ??
>
> Without more information, it's unclear what you will need. Assuming you
> want to reuse either HTTP basic or cookie authentication for the mechanics
> of getting a username/password pair, you can enable the standard PAS plugins
> for IChallengePlugin and IExtractionPlugin. You should then only need to
> implement IAuthenticationPlugin - and the main job there is for you to
> validate the credentials, then return a dict with the username you
> extracted. You will also need to have a user manager - the "ZODB User
> Manager" might be OK. I'd recommend the approach of setting PAS up with
> everything working as you want except for the actual authentication you want
> to perform. You should then replace the interfaces from that set until
> everything you need is done :)

If he needs to use a session using something else than the username &
password as used by the cookie plugin it should be trivial to leverage
plone.session here. Just add a plone.session plugin to your acl_users,
enable its interfaces, disable credentials update and reset for the
cookie plugin and you're all set. And it'll be more secure as well :)

Wichert.

--
Wichert Akkerman <[EMAIL PROTECTED]>    It is simple to make things.
http://www.wiggy.net/                   It is hard to make things simple.
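
The flow discussed in this thread (check the directory once, then accept a session ticket for the rest of the working day), as an added example that is not part of any message here and is not the code of plone.session, SessionAuthHelper or LDAPMultiPlugins. The class only mimics the PAS method names, with `authenticateCredentials` returning a `(user_id, login)` tuple or `None` as PAS's `IAuthenticationPlugin` does; the dict-shaped request, the `now` parameter, the ticket format, `TTL` and `fake_directory` are assumptions made for illustration.

```python
import base64, hashlib, hmac, secrets, time
SECRET = secrets.token_bytes(32)  # server-side signing key (assumed per-site secret)
TTL = 10 * 3600                   # assumed ticket lifetime: one working day

def _mac(body):
    return hmac.new(SECRET, body.encode(), hashlib.sha256).hexdigest()

def issue_ticket(user_id, now=None):
    """Sign 'user_id|expiry' so later requests need no directory lookup."""
    expiry = int(time.time() if now is None else now) + TTL
    body = base64.urlsafe_b64encode(f"{user_id}|{expiry}".encode()).decode()
    return f"{body}.{_mac(body)}"

def check_ticket(ticket, now=None):
    """Return the user id for an authentic, unexpired ticket, else None."""
    body, _, mac = ticket.partition(".")
    if not hmac.compare_digest(mac.encode(), _mac(body).encode()):
        return None  # forged or altered; the body is parsed only after this check
    user_id, expiry = base64.urlsafe_b64decode(body).decode().rsplit("|", 1)
    if int(expiry) < (time.time() if now is None else now):
        return None  # expired: the user has to log in again
    return user_id

def fake_directory(login, password):  # constructed one-user stand-in for an AD bind
    return login == "alice" and hmac.compare_digest(password.encode(), b"s3cret-demo")

class TicketAuthPlugin:
    """Mimics the PAS method names on plain dicts; not a real PAS plugin."""
    def __init__(self, directory):
        self.directory = directory  # callable(login, password) -> bool
        self.directory_calls = 0

    def extractCredentials(self, request):
        if "ticket" in request.get("cookies", {}):
            return {"ticket": request["cookies"]["ticket"]}
        form = request.get("form", {})
        if "login" in form and "password" in form:
            return {"login": form["login"], "password": form["password"]}
        return {}

    def authenticateCredentials(self, credentials, now=None):
        if "ticket" in credentials:  # session path: no directory round trip
            user = check_ticket(credentials["ticket"], now)
            return (user, user) if user else None
        if "login" not in credentials:
            return None
        self.directory_calls += 1  # the only path that contacts the directory
        ok = self.directory(credentials["login"], credentials["password"])
        return (credentials["login"], credentials["login"]) if ok else None
```

After a successful directory login the caller would set `issue_ticket(user_id)` as the cookie value; in PAS terms that step belongs to a credentials-update plugin, and the password itself is never stored in the ticket.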
RE: [Zope-PAS] what plugins are needed for authentication
> Hi there,
>
> I want to write a PAS Plugin that does only the authentication.
>
> it should do the authentication and then store it in a
> session for a couple of hours.
>
> Now I am unsure which services I have to implement.
> IAuthenticationPlugin ??
> IExtractionPlugin ??

Without more information, it's unclear what you will need. Assuming you
want to reuse either HTTP basic or cookie authentication for the mechanics
of getting a username/password pair, you can enable the standard PAS plugins
for IChallengePlugin and IExtractionPlugin. You should then only need to
implement IAuthenticationPlugin - and the main job there is for you to
validate the credentials, then return a dict with the username you
extracted. You will also need to have a user manager - the "ZODB User
Manager" might be OK. I'd recommend the approach of setting PAS up with
everything working as you want except for the actual authentication you want
to perform. You should then replace the interfaces from that set until
everything you need is done :)

This is mainly from memory, but I hope it helps...

Mark
[Zope-PAS] what plugins are needed for authentication
Hi there,

I want to write a PAS Plugin that does only the authentication.

it should do the authentication and then store it in a
session for a couple of hours.

Now I am unsure which services I have to implement.
IAuthenticationPlugin ??
IExtractionPlugin ??

in the bygone world of monolithic acl_users I had authenticate just return True to authenticate the user, and did not bother about anything else..

thanks for your insight
robert