On Apr 20, 2005, at 5:04, J Cameron Cooper wrote:
I understand there was to be some re-working of id mangling. Is that
supposed to be on the zbir_fixing_ids_branch, and if so, how's that
going?
The exposure of the mangled id through getId (on PropertiedUser) seems
problematic (although I'm not
Hi there,
In Zope auth we have this cool (and I'm being serious here!) idea that
authentication and authorisation are seperate things. So I'm confused as
to why an authorization failure returns a 401 and not a 403.
My understanding is as follows:
1. anonymous request comes in for url that is not
Frank Tegtmeyer wrote:
Either of you guys tried SimpleUserFolder?
Yes, I tried. The showstopper for me was the question how to
force a form based login.
What do you mean by "force form based login"?
SUF + CookieCrumbler is usually how I do this...
As far as I remember also getting the
credentials
On 2005-04-20 04:14:21 -0400, Jens Vagelpohl
<[EMAIL PROTECTED]> said:
On Apr 20, 2005, at 5:04, J Cameron Cooper wrote:
I understand there was to be some re-working of id mangling. Is that
supposed to be on the zbir_fixing_ids_branch, and if so, how's that
going?
The exposure of the mangled i
Sidnei da Silva wrote:
| Now, 5.2 is where I have the problem, since raising unauthorized
| anywhere in Zope traditionally pops up a basic auth box rather than
| returning standard_error_message with a 403 response which, as time goes
| by, I'm starting to think is what should really happen.
Ye
On 2005-04-20 11:20:26 -0400, Chris Withers
<[EMAIL PROTECTED]> said:
Sidnei da Silva wrote:
| 3. How does PAS handle failover from one authentication plugin to the next?
/me leaves slot for PAS experts to fill
Each attempt at authenticating a particular set of credentials gets a
crack, and eith