yes. Well, then, in this case you would especially want to just bypass the boilerplate code and just reassign the user to this session. Yes?
On Feb 28, 10:09 am, "Ben Sizer" <[EMAIL PROTECTED]> wrote: > On Feb 28, 2:10 pm, "Patrick Lewis" <[EMAIL PROTECTED]> wrote: > > > On Feb 28, 5:14 am, "Ben Sizer" <[EMAIL PROTECTED]> wrote: > > > > Surely there must be a way to log in a user without having to provide > > > a password. Otherwise this is a restriction on many other types of > > > authentication. > > > > -- > > > Ben Sizer > > > What types of authentication are there that don't require a password > > or secret of some type? It's an honest question; I'm not familiar with > > any. > > Well for starters, there might actually be a password, but it's > handled remotely. eg. You may submit the username and password to some > sort of trusted service on the local network, which can then grant or > deny access. You may have existing code for doing this, and won't want > to hack the identity provider or whatever it is to have to relay that > password on (which I assume is possible, though I haven't checked). > > Or you might just grant access based on IP address, such as admin > rights automatically granted to localhost. Or it could just be a low- > security shared system, eg. an intranet wiki, where you just go by > username and don't want to burden people with passwords. > > Maybe you don't store any important data that persists across visits, > and instead just want to equate one 'user' with one extended visit to > the site, but find it convenient to use identity to tie the data > together across multiple HTTP requests, after an implicit login. > > Perhaps you're sharing a domain with a legacy PHP site, and while > slowly migrating over to Turbogears, you want the cookie that your PHP > login script sets to allow you to access restricted parts of your TG > app. > > Or you might desire some sort of 'su' functionality where someone > logged in as an administrator can log in as someone else instantly - > for this you'd want to be able to just reassign the identity > accordingly. > > Sure, many of these are somewhat uncommon, and I expect many or most > can be hacked around with new identity providers, but I don't know how > easily more than one such provider might co-exist within one app for > example. I think it would be beneficial to expose a function that > allows people with advanced authentication purposes to simply reassign > the current user. > > -- > Ben Sizer --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "TurboGears" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/turbogears?hl=en -~----------~----~----~----~------~----~------~--~---
