Wichert Akkerman wrote:
> Hi Stefan,
> Previously Stefan H. Holek wrote:
>> Log message for revision 97359:
>> User masquerading. Adapted from a patch against PAS 1.0.4.
>> Logging in as AUTHUSER/ROLEUSER (e.g. 'admin/jdoe') authenticates
>> against AUTHUSER but returns ROLEUSER. As a security precaution,
>> AUTHUSER must have the Manager role. Note: AUTHUSER and ROLEUSER
>> must live in the same user folder.
> What happens if someone has a / in his login name? How do you plan to
> deal with differing login and usernames?
> Is there a reason this is not doable with plugins?
I agree: this is *exactly* the sort of thing which should be in a
plugin. In particular, such a plugin should be configured to select
which other IAuthentication plugins it would search, which would remove
the requirement to splice the code directly into the PAS framework code.
Tres Seaver +1 540-429-0999 tsea...@palladion.com
Palladion Software "Excellence by Design" http://palladion.com
Zope-PAS mailing list
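
The 'AUTHUSER/ROLEUSER' login form and the "/" question raised in this thread, as an added example that is not part of the original messages and is not PAS code. `USERS`, `authenticate`, `masquerade_login` and the `audit` list are hypothetical names; trying the ordinary login first, refusing an ambiguous split and recording who acted as whom are assumptions of this sketch, not behaviour taken from the patch.

```python
import hmac

# Constructed user store: login -> (user id, password, roles). Plain-text passwords
# only because this stands in for real authentication plugins.
USERS = {
    "admin":      ("uid-1", "adminpw", {"Manager"}),
    "editor":     ("uid-2", "editpw",  {"Editor"}),
    "jdoe":       ("uid-3", "jdoepw",  {"Member"}),
    "corp/alice": ("uid-4", "alicepw", {"Member"}),   # login that contains "/"
}

def authenticate(login, password):
    """Hypothetical delegate authenticator: (user_id, login) on success, else None."""
    rec = USERS.get(login)
    if rec and hmac.compare_digest(rec[1].encode(), password.encode()):
        return rec[0], login
    return None

def masquerade_login(login, password, audit):
    """Resolve 'AUTHUSER/ROLEUSER'; returns the (user_id, login) to act as, or None."""
    # An ordinary login always wins, so a login name containing "/" keeps working.
    direct = authenticate(login, password)
    if direct:
        return direct
    matches = []
    # Either side may itself contain "/", so every split position is a candidate.
    for i, ch in enumerate(login):
        if ch != "/":
            continue
        auth_login, role_login = login[:i], login[i + 1:]
        if not authenticate(auth_login, password):
            continue                      # the password must be AUTHUSER's
        if "Manager" not in USERS[auth_login][2]:
            continue                      # precaution stated in the log message
        if role_login in USERS:           # same user folder: ROLEUSER must exist
            matches.append((auth_login, role_login))
    if len(matches) != 1:
        return None                       # no match, or ambiguous split: refuse
    auth_login, role_login = matches[0]
    audit.append((auth_login, role_login))  # record who acted as whom
    return USERS[role_login][0], role_login
```
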