It works great, but I have one issue: authentication takes much time
(almost 10 seconds).

Windows authentication can be slow. There are ways to speed it up, the Microsoft documentation might help.

IMHO sane behavior would be: authenticate with ActiveDirectory once
(on login) and then authenticate basing only on cookie

It depends on what you want. If you want immediate revocation, then it's not. If, like most people, you don't care too much about immediate revocations, then read below.

I suspect my problem may be a configuration issue in my PAU

It sounds like it; make sure you have the "No Challenge if Authenticated" plugin enabled.
Benji York
Senior Software Engineer
Zope Corporation
Zope3-users mailing list

Reply via email to