i want to use two different authentication/challenge plugins.
1) gssapi based one (using challenge and authentication)
2) cookie/form based one (only using authentication)
The gssapi based one is preferred but not all clients support
this one. So the cookie/form based one should be the fallback.
My Problem is: If the client hits a protected page the
gssapi based challenge is run and some headers are set
(WWW_Authenticate: negotiate) but the body of the resulting 401
response is always the standard message set in HTTPResponse of
the HTTPResponse Zope module ("You are not ...") .
def challenge( self, request, response, **kw ):
m = "<strong>pipapo</strong>"
( actually <strong>pipapo</strong> will be replaced by the form
which will submit the values for the cookie based
so it seems that response.setBody is called again.
any hints ?
Zope-PAS mailing list