Hi ,

        i want to use two different authentication/challenge plugins.
        1) gssapi based one (using challenge and authentication)
        2) cookie/form based one (only using authentication)

        The gssapi based one is preferred but not all clients support
        this one. So the cookie/form based one should be the fallback.

        My Problem is: If the client hits a protected page the
        gssapi based challenge is run and some headers are set
        (WWW_Authenticate: negotiate) but the body of the resulting 401
        response is always the standard message set in HTTPResponse of
        the HTTPResponse Zope module ("You are not ...") .

        def challenge( self, request, response, **kw ):
                m = "<strong>pipapo</strong>"

                response.setBody(m, is_error=1)
                return 1

        ( actually <strong>pipapo</strong> will be replaced by the form
          which will submit the values for the cookie based
          authentication plugin)

        so it seems that response.setBody is called again.
        any hints ?


Zope-PAS mailing list

Reply via email to