-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Wichert Akkerman schrieb: > Previously robert rottermann wrote: >> Mark Hammond wrote: >>>> Hi there, >>>> >>>> I want to write a PAS Plugin that does only the authentication. >>>> >>>> it should do the authentication and then store it in a >>>> session for a coupple of hours. >>>> >>>> Now I am unsure which services I have to implement. >>>> IAuthenticationPlugin ?? >>>> IExtractionPlugin ?? >>>> >>> Without more information, it's unclear what you will need. Assuming you >>> want to reuse either HTTP basic or cookie authentication for the mechanics >>> of getting a username/password pair, you can enable the standard PAS plugins >>> for IChallengePlugin and IExtractionPlugin. You should then only need to >>> implement IAuthenticationPlugin - and the main job there is for you to >>> validate the credentials, then return a dict with the username you >>> extracted. You will also need to have a user manager - the "ZODB User >>> Manager" might be OK. I'd recommend the approach of setting PAS up with >>> everything working as you want except for the actual authentication you want >>> to perform. You should then replace the interfaces from that set until >>> everything you need is done :) >>> >>> This is mainly from memory, but I hope it helps... >>> >>> Mark >>> >>> _______________________________________________ >>> Zope-PAS mailing list >>> [email protected] >>> http://mail.zope.org/mailman/listinfo/zope-pas >>> >>> >> thank you very mutch to all the answer I got. >> This is what I need: >> >> on an intranet I want to have all users in a plone "user_source". >> the authentication itself should be against a bunch of >> ActiveDirectory-domains. >> after the authemtication I just want the user to be authorized without >> the need to re authenticate during business hours. > > Why do you want to have the users in source_users for that? That isn't > necessary. Just do the normal AD authentication using LDAPMultiPlugins > and use a session plugin such as SessionAuthHelper or plone.session.
with this approach we would loose the ability to - - easily search for users - - easily add users to ad hoc local groups. I would be happy to hear that I am wrong tough .. robert -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org iD8DBQFGE6IlGaryJ0T9kUYRAuaAAJwKwWO2IQ5lg6gfU6HzPPpORVog3gCcCsZo 3B1HGtBl9q3/1Vawhwwgf/g= =2aHr -----END PGP SIGNATURE----- _______________________________________________ Zope-PAS mailing list [email protected] http://mail.zope.org/mailman/listinfo/zope-pas
