Background for zope-dev:

Tino, Zach and I have been discussing and working a bit on PAS, to fix the problems I had last week. Most have now been fixed. Some new ones arrived instead. :)

The first two have to do with both Zope and PAS:

1. The challenge() currently requires you to either raise a Redirect or an Authenticated exception, to go to a login-page or get a login-box. This is because if you just return from challenge without any exception BasicRequest will later raise unauthorized. This means you cannot do response.setBody() or even response.redirect().

One possible solution for this is to NOT provoke the challenge from the user folder's verify() method, but challenge from Response.unauthorized().

2. I would assume that a redirecting challenge will redirect a WebDAV client too. That is a bad idea, and needs to be taken care of (by PAS I assume, but not 100% sure how).

These further two are more PAS specific:

3. If you have a PAS in the Zope root, and you have a broken challenge plugin, you may not be able to log in at all. This also needs to be taken care of in one way or another. One way could be to always allow username:[EMAIL PROTECTED] authentication for the emergency user. Other ideas could be to have some setting to disable challenges and restart the server, or something like that.

4. The only plugin to actually do any proper challenges as of today is my newly created CAS-plugin. Question: Do you want that as a part of PAS? I can simply check it in there. Otherwise it will become a separate product.
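
Added example, not part of the original message and not PAS or Zope code: a self-contained sketch of one way a challenge dispatcher could address points 2 and 3, by never redirecting WebDAV clients and by falling back to an HTTP Basic 401 when a challenge plugin is broken. Every name in it (`Response`, `is_webdav`, `challenge`, the plugin call signature) is hypothetical, and the WebDAV detection is a heuristic assumption.

```python
# Added sketch: hypothetical names throughout, not the PAS plugin API.
WEBDAV_METHODS = {"PROPFIND", "PROPPATCH", "MKCOL", "COPY", "MOVE", "LOCK", "UNLOCK"}


class Response:
    """Minimal stand-in for an HTTP response object."""

    def __init__(self):
        self.status = 200
        self.headers = {}


def is_webdav(method, user_agent=""):
    # Heuristic assumption: DAV-only verbs, or a user agent naming a DAV client.
    return method.upper() in WEBDAV_METHODS or "dav" in user_agent.lower()


def basic_challenge(response, realm="Zope"):
    # A 401 with WWW-Authenticate is something a non-browser client can answer.
    response.status = 401
    response.headers["WWW-Authenticate"] = 'Basic realm="%s"' % realm


def redirect_challenge(login_url):
    # Builds a plugin that sends browsers to a login page (CAS-style).
    def plugin(method, response):
        response.status = 302
        response.headers["Location"] = login_url
        return True
    return plugin


def challenge(method, user_agent, response, plugins):
    """Issue a challenge and return which mechanism was used."""
    if is_webdav(method, user_agent):
        basic_challenge(response)      # point 2: no redirect for WebDAV
        return "basic"
    for plugin in plugins:
        scratch = Response()           # keep a half-written response out
        try:
            if plugin(method, scratch):
                response.status = scratch.status
                response.headers = scratch.headers
                return "plugin"
        except Exception:
            continue                   # point 3: a broken plugin is skipped
    basic_challenge(response)          # always leave a way to log in
    return "basic"
```
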

