Tres Seaver wrote:
> robert rottermann wrote:
> >> Hi there,
> >>
> >> I would like to use Session Auth Helper to authenticate a user after he
> >> has logged into a site using Active Directory.
> >>
> >> this are the steps I use to create the setup:
> >> - add an ActiveDirectory Multiplugin
> >>     - activate all services
> >> - apply patches to have the groups working
> >>     according instructions on Plone I install
> >>         LDAPMultiPlugins-plone.org.patch from antiloop.plone.org
> >> - add an Session Auth Helper
> >>     - activate all three services (Reset Credentials,
> UpdateCredentials,
> >> Extraction)
> >> - Up the session timeout of the site to 5 hours
> >>
> >> Now my questions:
> >> - do I have to change the sequence of the active plugins to avoid
> >> contacting the AD server after a successful login
>
> >>   (as long the session is active)
> >>     it is like this now
> >>         credentials_cookie_auth
> >>        AD Multiplugin
> >>        Session Auth Helper
> >>       
> >> - is there something else I have to take care of?
>
>
> Yes, you want the session auth plugin to be registered *ahead* of the AD
> / LDAP plugin, in the registration for IAuthenticateCredentials.  That
> list looks like the one for IExtractCredentials (the cookie plugin can't
> actually authenticate, it only retrieves credentials from the request).
>
>
> Tres.
> --
thanks Tres,
a stupid follow up question: what is ahead?
(from the context of this mail) I assume this means above of AD?

robert
begin:vcard
fn:robert  rottermann
n:rottermann;robert 
email;internet:[EMAIL PROTECTED]
tel;work:031 333 10 20
tel;fax:031 333 10 23
tel;home:031 333 36 03
x-mozilla-html:FALSE
version:2.1
end:vcard

_______________________________________________
Zope-PAS mailing list
Zope-PAS@zope.org
http://mail.zope.org/mailman/listinfo/zope-pas

Reply via email to