RE: [Zope-PAS] what plugins are needed for authentication
Hi there, I want to write a PAS Plugin that does only the authentication. it should do the authentication and then store it in a session for a coupple of hours. Now I am unsure which services I have to implement. IAuthenticationPlugin ?? IExtractionPlugin ?? Without more information, it's unclear what you will need. Assuming you want to reuse either HTTP basic or cookie authentication for the mechanics of getting a username/password pair, you can enable the standard PAS plugins for IChallengePlugin and IExtractionPlugin. You should then only need to implement IAuthenticationPlugin - and the main job there is for you to validate the credentials, then return a dict with the username you extracted. You will also need to have a user manager - the ZODB User Manager might be OK. I'd recommend the approach of setting PAS up with everything working as you want except for the actual authentication you want to perform. You should then replace the interfaces from that set until everything you need is done :) This is mainly from memory, but I hope it helps... Mark ___ Zope-PAS mailing list Zope-PAS@zope.org http://mail.zope.org/mailman/listinfo/zope-pas
Re: [Zope-PAS] what plugins are needed for authentication
Mark Hammond wrote: Hi there, I want to write a PAS Plugin that does only the authentication. it should do the authentication and then store it in a session for a coupple of hours. Now I am unsure which services I have to implement. IAuthenticationPlugin ?? IExtractionPlugin ?? Without more information, it's unclear what you will need. Assuming you want to reuse either HTTP basic or cookie authentication for the mechanics of getting a username/password pair, you can enable the standard PAS plugins for IChallengePlugin and IExtractionPlugin. You should then only need to implement IAuthenticationPlugin - and the main job there is for you to validate the credentials, then return a dict with the username you extracted. You will also need to have a user manager - the ZODB User Manager might be OK. I'd recommend the approach of setting PAS up with everything working as you want except for the actual authentication you want to perform. You should then replace the interfaces from that set until everything you need is done :) This is mainly from memory, but I hope it helps... Mark ___ Zope-PAS mailing list Zope-PAS@zope.org http://mail.zope.org/mailman/listinfo/zope-pas thank you very mutch to all the answer I got. This is what I need: on an intranet I want to have all users in a plone user_source. the authentication itself should be against a bunch of ActiveDirectory-domains. after the authemtication I just want the user to be authorized without the need to re authenticate during business hours. thanks again robert begin:vcard fn:robert rottermann n:rottermann;robert email;internet:[EMAIL PROTECTED] tel;work:031 333 10 20 tel;fax:031 333 10 23 tel;home:031 333 36 03 x-mozilla-html:FALSE version:2.1 end:vcard ___ Zope-PAS mailing list Zope-PAS@zope.org http://mail.zope.org/mailman/listinfo/zope-pas
Re: [Zope-PAS] what plugins are needed for authentication
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Wichert Akkerman schrieb: Previously robert rottermann wrote: Mark Hammond wrote: Hi there, I want to write a PAS Plugin that does only the authentication. it should do the authentication and then store it in a session for a coupple of hours. Now I am unsure which services I have to implement. IAuthenticationPlugin ?? IExtractionPlugin ?? Without more information, it's unclear what you will need. Assuming you want to reuse either HTTP basic or cookie authentication for the mechanics of getting a username/password pair, you can enable the standard PAS plugins for IChallengePlugin and IExtractionPlugin. You should then only need to implement IAuthenticationPlugin - and the main job there is for you to validate the credentials, then return a dict with the username you extracted. You will also need to have a user manager - the ZODB User Manager might be OK. I'd recommend the approach of setting PAS up with everything working as you want except for the actual authentication you want to perform. You should then replace the interfaces from that set until everything you need is done :) This is mainly from memory, but I hope it helps... Mark ___ Zope-PAS mailing list Zope-PAS@zope.org http://mail.zope.org/mailman/listinfo/zope-pas thank you very mutch to all the answer I got. This is what I need: on an intranet I want to have all users in a plone user_source. the authentication itself should be against a bunch of ActiveDirectory-domains. after the authemtication I just want the user to be authorized without the need to re authenticate during business hours. Why do you want to have the users in source_users for that? That isn't necessary. Just do the normal AD authentication using LDAPMultiPlugins and use a session plugin such as SessionAuthHelper or plone.session. with this approach we would loose the ability to - - easily search for users - - easily add users to ad hoc local groups. I would be happy to hear that I am wrong tough .. robert -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org iD8DBQFGE6IlGaryJ0T9kUYRAuaAAJwKwWO2IQ5lg6gfU6HzPPpORVog3gCcCsZo 3B1HGtBl9q3/1Vawhwwgf/g= =2aHr -END PGP SIGNATURE- ___ Zope-PAS mailing list Zope-PAS@zope.org http://mail.zope.org/mailman/listinfo/zope-pas
Re: [Zope-PAS] what plugins are needed for authentication
Previously robert rottermann wrote: with this approach we would loose the ability to - - easily search for users - - easily add users to ad hoc local groups. If you enable user enumeration on the LDAP plugin that should work fine. Wichert. -- Wichert Akkerman [EMAIL PROTECTED]It is simple to make things. http://www.wiggy.net/ It is hard to make things simple. ___ Zope-PAS mailing list Zope-PAS@zope.org http://mail.zope.org/mailman/listinfo/zope-pas
[Zope-PAS] what plugins are needed for authentication
Hi there, I want to write a PAS Plugin that does only the authentication. it should do the authentication and then store it in a session for a coupple of hours. Now I am unsure which services I have to implement. IAuthenticationPlugin ?? IExtractionPlugin ?? in the bygone world off monolithic acl_users I had authenticate just returned True to authenticate the user. and did noth bother about anything else.. thanks for your insight robert begin:vcard fn:robert rottermann n:rottermann;robert email;internet:[EMAIL PROTECTED] tel;work:031 333 10 20 tel;fax:031 333 10 23 tel;home:031 333 36 03 x-mozilla-html:FALSE version:2.1 end:vcard ___ Zope-PAS mailing list Zope-PAS@zope.org http://mail.zope.org/mailman/listinfo/zope-pas