Steven D. Majewski wrote:
My understanding is that the Authentication Framework is just a
framework -- it doesn't itself do any authentication or
encryption/decryption of passwords.
I understand that it doesn't do any authentication: that's what I wrote
the little XML and XSLT files for: to output the format specified in the
doc at http://cocoon.apache.org/2.1/developing/webapps/authentication.html
I did, however, expect it to pass the password in crypt(3) form, but
that's not important for now.
It manages protected resources and restricts them to authenticated
users. ( Because typically sites will want to plug in different
authentication mechanisms. )
Yes, that much I'm happy with. I'll eventually want this to authenticate
against Active Directory or an LDAP server.
I'm not clear on what you're trying to do. Are you doing trying to do
HTTP Basic Authentication ?
For now I just want to authenticate using the little file I posted,
which provides a username and password per user that I can match against
locally.
I'm not sure what "HTTP Basic Authentication" is (unless it's like the
method used by regular Apache httpd for web passwords -- but that *does*
use crypt(3)). I'm using the file system: my auth.xml and auth.xsl with
the parameter_username and parameter_password as per the document image
in http://cocoon.apache.org/2.1/developing/webapps/authentication.html
<map:match pattern="login">
<map:generate src="auth.xml"/>
<map:transform src="auth.xsl" type="xslt">
<map:parameter name="use-request-parameters" value="true"/>
</map:transform>
<map:serialize type="xml"/>
</map:match>
And I'm not sure what you mean by "required crypt(3)" - required by whom ?
Me. I assumed (obviously wrongly) that Cocoon would handle the
encryption of the password. No matter -- for the moment I don't care;
but the problem still stands in that it isn't coming back with
authentication when I provide the right userid/password pair in Cocoon,
but it *does* provide the specified output if I perform the same action
from the shell commandline using Saxon.
HTTP Basic Authentication sends the bas64 encoding of "user:password"
They aren't encrypted.
Base64? Ewww. So if I store the userid and password in my XML disk file
in base64 encoding they should be matched?
( But if you're trying to port users from an Apache .htpasswd file ,
then THOSE entries are encrypted with crypt(3). That was my problem
and I found and adapted a javascript version of crypt. )
No, I wasn't trying to use those: I just assumed the concept would be
the same, only performed by my XML file and its XSLT procedure.
The documentation is missing this vital information in that case.
Has anyone ever implemented a small test case where authentication is
performed by a component which just runs XSLT over XML and matches the
passed userid/password parameters with values in the XML file, and
returns the format specified in the Cocoon doc at
http://cocoon.apache.org/2.1/developing/webapps/authentication.html
///Peter
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
