I need to make an authenticated call from one Zope server to another.

Although the two servers share most of their object trees (including the main user folder) through a common ZEO ClientStorage, I have to call the script on a _specific_ machine, since it will make changes to the local file system.

So basically, I want to do something similar to calling
http://currentUID:[EMAIL PROTECTED]/makeLocalChanges

Now my problem(I'm using ZPublisher.Client):
I have to make that call with the current (!) user's name and password (which are stored on both machines thanks to the ClientStorage) but the passwords in my user folder are encrypted - which I had thought was a (TM) good thing. :-)

So calling _getPassword() on the user object gives me something that starts with "{SHA}", which ZPublisher.Client.call() won't eat - it expects a plain password and then does the usual base64.

How can I accomplish this?

I figure I either need to

- find a way to get the unencrypted password. I consider this the less elegant (and less secure) approach: I don't want to _know_ the current user's password, I just want to _use_ it... :-)

- use a different approach to call the other server (like passing a copy of the current Auth header or something...)

I'm not sure how to do either...

Thank you very much for your help,

Zope-Dev maillist - [EMAIL PROTECTED]
** No cross posts or HTML encoding! **
(Related lists - http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope )

Reply via email to