I wrote:

I want to use pau, with session (cookie) based authentication. No
basic authentication.

The problem is, when the pau is activated, the zope.manager defined in
zcml seems to be no longer accessible, effectively locking me out of
the zmi.

What I think is happening is the pau appends a prefix to the principal
name, so that the principal, instead of being "zope.manager", becomes
"prefixzope.manager", which has no permissions anywhere.

I think my choices are the following.

1. make pau always look (last) in principalRegistry and return a
non-prefixed principal if found and validated

2. have my authentication plugin look in principalRegistry and assign
the same roles for the principals found in principalRegistry, but with
the pau prefix. This would happen when the plugin is created or on
demand.

3. provide methods for my authentication plugin to generate an
emergency user for one of its valid principals

Or did I miss something in the documentation that gets around this?

Apparently not? So, I am going to choose door #3. It should be pretty
simple. The main hazard is getting it wrong, which will require some
amusing spelunking with the debugger to deactivate the utility if there
is anything important in the ZODB. On the good side, it will prep me
for the next project, which I think will require ldap.

-Jim Washington