| Now, 5.2 is where I have the problem, since raising unauthorized
| anywhere in Zope traditionally pops up a basic auth box rather than
| returning standard_error_message with a 403 response which, as time goes
| by, I'm starting to think is what should really happen.
Yes! That too.
| 1. Should things change to work as I describe?
I would think so.
OK, but I would prefer more opinions on this, so moving to [EMAIL PROTECTED]
| 2. Is the above behaviour pluggable at all?
Not at all.
Should it be? Can it be without impacting on performance?
| 3. How does PAS handle failover from one authentication plugin to the next?
/me leaves slot for PAS experts to fill
| 4. What kicks off the authentication process in Zope? Something being
| anonymously viewable or credentials being found in the request?
I've been looking at BaseRequest.traverse(). Basically, it tries to
What does? And what does validate mean in this context?
being it set or not *wink* (when using
Right, and that was the source of the other thread?
CookieCrumbler it's this variable is set from the cookie value) and that may result in a valid user or 'Anonymous User'.
Yeah, but how does CookieCrumbler stop a basic auth box being popped to the user when things aren't authorized?
| PS: I suspect the answer to 4 varies depending on the type of auth :-(
I don't think so.
CookieCrumbler vs Everything Else: I think it does...
--
Simplistix - Content Management, Zope & Python Consulting
- http://www.simplistix.co.uk
_______________________________________________
Zope-PAS mailing list
Zope-PAS@zope.org
http://mail.zope.org/mailman/listinfo/zope-pas