Hi!

I have a PAS configuration with two user sources (Kerberos and ZODB),
modelled as two authentication plugins (IAuthenticationPlugin).

Now, my Zope application (which only sees the PropertiedUser object)
wants to differntiate between Users, which are authenticated against
Kerberos, and the ones authenticated against ZODB.

In former PAS versions (1.0.x) there was the "plugin id mangling", so
that:

  getSecurityManager().getUser().getId()

returned

  krb__wlang or zodb__wlang
  ^^^           ^^^^

I see that the mangling is replaced by a plugin property named
"prefix". However, if i set the properties of my authentication
plugins, the user_id still is "wlang" (without prefix) in both
cases. The reason for this is (looking into the ZODBUserManager
plugin), that the "authenticateCredentials" method doesnt honor the
"prefix" property:

    def authenticateCredentials( self, credentials ):
        ...
        userid = self._login_to_userid.get( login, login )
        reference = self._user_passwords.get(userid)

        if <password correct>:
            return userid, login

So whats the proposed way to discriminate users wrt the auth plugin?
Am i missing something?

I'm willing the write patches and tests, but want to make sure, that i
understand the idea behind mangling, prefix and plugin
discrimination...


Thanks,


\wlang{}

-- 
willi.langenber...@wu.ac.at            Fax: +43/1/31336/39207
IT-Services,     WU Wirtschaftsuniversitaet Wien,     Austria
_______________________________________________
Zope-PAS mailing list
Zope-PAS@zope.org
https://mail.zope.org/mailman/listinfo/zope-pas

Reply via email to