Simon Hang wrote:
I'm thinking of writing an NTLM credential plugin for zope3. But as I know, NTLM uses a 4-way handshake procedure, which means it needs two round-trips between server (zope3) and client (browser). When I look in the credential plugins, it has a challenge method. But it seems it is only designed for a 1 round-trip protocol. It can issue one challenge, and return to the parent script.

I don't see how the PAU only allows one "round-trip". The PAU will use the credentials-plugin to challenge the user when an Unauthorized exception occurs.

1. The first time your challenge method is called, you set the WWW-Authenticate: NTLM header (like the HTTP Basic Auth plug-in sets the WWW-Authenticate: Basic header).

2. Then the client sends the type 1 message which you extract in extractCredentials and raise Unauthorized *again*.

3. That means your challenge method is called *again*. That time you'll set the WWW-Authenticate header with the type 2 message.

4. Then the client sends the type 3 message back which you'll extract in extractCredentials.
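The four steps above as a framework-independent sketch, added here as an illustration and not part of the original message or of Zope's PAU API. The names `step`, `pending` and `conn_id` are hypothetical, the flag values are illustrative, and checking the type 3 response against the user's stored credential is left to the caller.

```python
import base64
import os
import struct

SIGNATURE = b"NTLMSSP\x00"

def parse(authorization):
    """Return (message_type, raw_bytes) for an 'Authorization: NTLM ...' value, else (None, b'')."""
    if not authorization or not authorization.startswith("NTLM "):
        return None, b""
    try:
        raw = base64.b64decode(authorization[5:], validate=True)
    except ValueError:  # malformed base64
        return None, b""
    if len(raw) < 12 or raw[:8] != SIGNATURE:
        return None, b""
    return struct.unpack_from("<I", raw, 8)[0], raw

def build_type2(challenge):
    """Minimal 40-byte type 2 message: empty target name, flags, 8-byte challenge, reserved."""
    flags = 0x00000001 | 0x00000200  # NEGOTIATE_UNICODE | NEGOTIATE_NTLM (illustrative choice)
    header = struct.pack("<IHHII", 2, 0, 0, 40, flags)
    return SIGNATURE + header + challenge + b"\x00" * 8

def step(authorization, pending, conn_id):
    """One extractCredentials + challenge pass.

    pending maps a connection id to the challenge issued on it (assumed to be
    tracked by the caller). Returns (action, header_value, data).
    """
    mtype, raw = parse(authorization)
    if mtype == 1:
        # Steps 2-3: type 1 received, answer with a fresh random type 2 challenge.
        pending[conn_id] = os.urandom(8)
        token = base64.b64encode(build_type2(pending[conn_id])).decode()
        return "challenge", "NTLM " + token, None
    if mtype == 3 and conn_id in pending:
        # Step 4: hand the challenge (used once) and the type 3 bytes to the verifier.
        return "verify", None, (pending.pop(conn_id), raw)
    # Step 1, or anything out of sequence: drop state and restart the handshake.
    pending.pop(conn_id, None)
    return "challenge", "NTLM", None
```

The challenge is stored per connection and popped on use, so a type 3 message arriving without a matching type 2 on the same connection restarts the handshake instead of being accepted.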


