So, leaving other issues aside *wink*, I'm no puzzled by the challenge
code in PAS. It looks like there was some attempt at distinguishing
challenging by some sort of 'protocol', but it leaves a lot to be
desired, or I don't understand how it's supposed to work.
The problem I'm facing now is that using the Cookie Auth plugin
effectively breaks WebDAV (and possibly FTP and XML-RPC), because as
soon as the Cookie Auth plugin is hit on challenge, it does a redirect
to the login form.
Changing the Cookie Auth to come after Basic Auth doesn't help either,
as then instead of a browser client being directed to the login form
it gets a basic auth dialog instead.
Is it possible that nobody noticed this yet? Or is it just me not
getting enough sleep last night?
Sidnei da Silva
Enfold Systems, LLC.
Zope-PAS mailing list