Hi ,
i want to use two different authentication/challenge plugins. 1) gssapi based one (using challenge and authentication) 2) cookie/form based one (only using authentication) The gssapi based one is preferred but not all clients support this one. So the cookie/form based one should be the fallback. My Problem is: If the client hits a protected page the gssapi based challenge is run and some headers are set (WWW_Authenticate: negotiate) but the body of the resulting 401 response is always the standard message set in HTTPResponse of the HTTPResponse Zope module ("You are not ...") . def challenge( self, request, response, **kw ): response.addHeader('WWW-Authenticate', 'negotiate') m = "<strong>pipapo</strong>" response.setBody(m, is_error=1) response.setStatus(401) return 1 ( actually <strong>pipapo</strong> will be replaced by the form which will submit the values for the cookie based authentication plugin) so it seems that response.setBody is called again. any hints ? regards, Uwe _______________________________________________ Zope-PAS mailing list Zope-PAS@zope.org http://mail.zope.org/mailman/listinfo/zope-pas