Previously Behrens, Matt wrote:
> Tres Seaver wrote: 
> > You need to have plugins registered which implement 
> > IUserEnumeration and IGroupEnumeration for your site.  
> > Probably you are going to need to share the set of valid 
> > users with that external program, though.
> Right, but what if I can't enumerate the users?  In this scenario, I
> actually cannot get a list of valid users.  Inside Zope, my sole
> assurance that I have a valid user is that the hash matches up.
> It's a similar situation to exUserFolder's smbAuthSource; in that case,
> a username and password is provided and passed on for authentication,
> and if it works, a user object is created on the fly.  Or REMOTE_USER,
> if you don't have access to the list of valid users; you simply trust
> the username you're given, creating that user object again.

Many user sources suffer from this. I had the same problem when
implementing OpenID. Basically the problem is that PAS tries to verify
if a userid is linked to a valid user by doing a search for it. For
OpenID As I added some workaround code that checks if you are doing a
exact user search for a userid that looks like a URL and if so always
return a dummy user. That made PAS happy.


Wichert Akkerman <[EMAIL PROTECTED]>    It is simple to make things.                   It is hard to make things simple.
Zope-PAS mailing list

Reply via email to