Am Freitag, 3. Februar 2006 17:11 schrieb Rupert Redington:
Florian Lindner wrote:
Am Freitag, 3. Februar 2006 04:07 schrieb Gary Poster:
On Feb 2, 2006, at 4:41 PM, Florian Lindner wrote:
Hello,
I'm still desperately trying to figure out the
PluggableAuthentication.
Since no one has replied, I'll try my 30-second remediation
technique again. ;-) That means I didn't really follow exactly what
you are doing, and I'm just trying for low-hanging fruit to help
you. :-)
:-)
:
I perform the following steps:
1) Create an instance of my folderish, possible site (named A),
content
object.
2) I create a site in it.
3) I add a PAU in the default software space
4) I add a SessionCredentialsPlugin and a PrincipalFolder as plugins.
5) I create a internal principal with Title =
zope.Manager (tried also
other ones). name = abc
6) In the SessionCredentialsPlugin I leave to loginForm.html. I've a
loginForm.html view in my A-object)
7) I register all components (SessionCreadentiasPlugin,
PrincipalFolder and
PAU)
So that means that http://127.0.0.1:8080/++etc++site/default/test.pau/
@@configure.html (or similar) has one credentials plugin in the right
column (Session Credentials (a utility)) and one authenticator
plugin in the right column (PrincipalFolder (a utility) or
something like that). Right?
If not, make it so. :-)
It was already like that, forgot to mention it.
If that doesn't work, try making the right column of the Credentials
Plugins field be No Challenge if Authenticated (a utility) first
and then Session Credentials (a utility) second. That's probably
what you want anyway.
Changed it a bit.
I'm not redirected to the loginForm.html but a Not authorized page.
Anything else is the same. I wonder why I'm not authorized, because in
the authenticateCredentials() function the internal.title returns:
(Pdb) internal.title
u'zope.Manager'
Which should be authorized for anything.
Hope you can hang the fruits a few centimeter lower... ,-)
If this fruit is low enough for me I'll be very surprised, and you've
probably done this already, but:
Does the Principal you've added to your PAU authentication plugin have a
grant on the site/folder you're trying to access?
I've given the principal the title (which is AFAIK the same as role)
zope.Manager, which IMO does not need further grants.
Another way I've tried: I've created a principal with title CS.User.
In my configure.zcml I have:
role
id=CS.User
title=centershock.net user /
grant permission=CS.View
role=CS.User /
The ressource I try to access has security declarations:
page
name=toHomeFolder
for=*
permission=CS.View
[...] /
Or do I need further grants or anything? Or do I misunderstand the title
attribute of the principal.
Thanks,
Florian
___
Zope3-users mailing list
Zope3-users@zope.org
http://mail.zope.org/mailman/listinfo/zope3-users