On 2005-04-20 11:20:26 -0400, Chris Withers <[EMAIL PROTECTED]> said:

Sidnei da Silva wrote:
| 3. How does PAS handle failover from one authentication plugin to the next?

/me leaves slot for PAS experts to fill

Each attempt at authenticating a particular set of credentials gets a crack, and either stands up for the creds, or returns None.

CookieCrumbler it's this variable is set from the cookie value) and
that may result in a valid user or 'Anonymous User'.

Yeah, but how does CookieCrumbler stop a basic auth box being popped to the user when things aren't authorized?

By intercepting the RESPONSE's unauthorized() method. It's pretty plainly there in the code. FWIW, this is how PAS insinuates itself into the process as well, but to allow for any of the challenge plugins to fire this way.

| PS: I suspect the answer to 4 varies depending on the type of auth :-(

I don't think so.

CookieCrumbler vs Everything Else: I think it does...

Well, not in PAS ;^)


_______________________________________________ Zope-PAS mailing list Zope-PAS@zope.org http://mail.zope.org/mailman/listinfo/zope-pas

Reply via email to