Simon Hang wrote:
I'm thinking to write an NTLM credential plugin for zope3. But as I know,
ntlm uses a 4-way handshake procedure, that means it needs two round-trips
between server (zope3) and client (browser).
When I look in the credential plugins, it has a challenge method. But
it seems it is only designed for a 1 round-trip protocol. It can issue one
challenge, and return to parent script.
I don't see how the PAU only allows one "round-trip". The PAU will use
the credentials-plugin to challenge the user when an Unauthorized
1. The first time your challenge method is called, you set the
WWW-Authenticate: NTLM header (like the HTTP Basic Auth plug-in sets the
WWW-Authenticate: Basic header).
2. Then the client sends the type 1 message which you extract in
extractCredentials and raise Unauthorized *again*.
3. That means your challenge method is called *again*. That time you'll
set the WWW-Authenticate header with the type 2 message.
4. Then the client sends the type 3 message back which you'll extract in
Zope3-users mailing list
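
The two-challenge sequence from the numbered steps above, as an added example that is not code from the thread or from Zope. It uses no Zope imports; `NTLMHandshake`, `step` and `conn_id` are hypothetical names, the type 2 message is the minimal 40-byte form, and checking the type 3 response against the stored challenge is left to the caller.

```python
import base64
import os
import struct

NTLM_SIG = b"NTLMSSP\x00"

def message_type(authorization):
    """Return the NTLM message type from an 'NTLM <base64>' header value, else None."""
    if not authorization or not authorization.startswith("NTLM "):
        return None
    try:
        raw = base64.b64decode(authorization[5:], validate=True)
    except ValueError:  # binascii.Error is a ValueError
        return None
    if len(raw) < 12 or raw[:8] != NTLM_SIG:
        return None
    return struct.unpack_from("<I", raw, 8)[0]

def build_type2(challenge):
    """Minimal type 2 message: empty target name, two flags, 8-byte server challenge."""
    flags = 0x00000001 | 0x00000200  # NEGOTIATE_UNICODE | NEGOTIATE_NTLM
    header = struct.pack("<IHHII", 2, 0, 0, 40, flags)  # type, target len/maxlen/offset, flags
    return NTLM_SIG + header + challenge + b"\x00" * 8

class NTLMHandshake:
    """Hypothetical stand-in for the plug-in: one pending challenge per connection."""

    def __init__(self):
        self.pending = {}  # conn_id (assumed per-connection key) -> server challenge

    def step(self, conn_id, authorization):
        """Return (www_authenticate, credentials); exactly one of the two is not None."""
        mtype = message_type(authorization)
        if mtype == 1:
            # Steps 2-3: type 1 received, challenge again with a fresh type 2 message.
            challenge = os.urandom(8)
            self.pending[conn_id] = challenge
            return "NTLM " + base64.b64encode(build_type2(challenge)).decode(), None
        if mtype == 3 and conn_id in self.pending:
            # Step 4: type 3 received; the challenge is single use, so pop it.
            challenge = self.pending.pop(conn_id)
            return None, (challenge, base64.b64decode(authorization[5:]))
        # Step 1, or anything out of sequence: drop state and start over.
        self.pending.pop(conn_id, None)
        return "NTLM", None
```

A type 3 message that arrives without a pending challenge for that connection restarts the handshake instead of being accepted, which is what keeps a replayed message from skipping the challenge.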