Previously Kapil Thangavelu wrote:
> On Thu, 19 Apr 2007 08:16:25 -0400, Sidnei da Silva  
> <[EMAIL PROTECTED]> wrote:
> 
> >On 4/19/07, Wichert Akkerman <[EMAIL PROTECTED]> wrote:
> >>Previously Sidnei da Silva wrote:
> >>Lets rephrase this: is the problem you see that the site user folder
> >>(which will be a PAS) issues a challenge, which results in credentials
> >>which the root user folder can not handle?
> >
> >Yes.
> >
> 
> why wouldn't the root just fall back to its own default if it can't find  
> credentials, like in the case of a standard zodb user folder at the root,  
> basic auth?

There is an interesting trick here. Suppose we have a configuration like
this:

 - basic root user folder
 +- a site
    +- a PAS user folder which is configured to only handle OpenID

you can not login directly with the emergency user on this site since
the site will never issue a challenge which will provide a username and
password which the emergency user authentication can use.

But if you access the application root first that will result in a
challenge being send which the emergency user authentication can handle.
And once the session for that has been setup you suddenly will be able
to access the site with the emergency user.

Of course this assumes that you can access the application root outside
the site. I do not think that is a bad assumption to make for someone
who can setup the emergency user.

Wichert.

-- 
Wichert Akkerman <[EMAIL PROTECTED]>    It is simple to make things.
http://www.wiggy.net/                   It is hard to make things simple.
_______________________________________________
Zope-PAS mailing list
Zope-PAS@zope.org
http://mail.zope.org/mailman/listinfo/zope-pas

Reply via email to