michael nt milne wrote at 2006-2-28 15:51 +0000:
>I'm probably missing something really obvious but am wondering how you
>actually implement your product on a live plone site. I've got it installed.
>Do you just customise the login form that comes with the product and use
>that on the site?

I fear you do not understand the essence of HTTP authentication:

  For any kind of HTTP authentication (whether "basic" or
  "digest"), it is the browser which gathers the login
  information. Therefore, you do not have a login form (you
  can customize on the server). Instead, the browser uses
  its login dialog (which you might customize, if you
  are using e.g. Mozilla or Firefox, but is usually out of the
  server's reach).

As written in the documentation on my website,
"DigestAuth" currently only contains a "DigestAuthCrumbler"
which works similar to the "CookieCrumbler".
More precisely:

  It takes digest auth information, verifies it and
  (if successful) presents it like basic auth information
  to the remaining parts of Zope.

  The "CookieCrumbler" works very similar: it takes the
  information from a cookie and presents it like
  basic auth information to the remaining parts of Zope.

  The "DigestAuthCrumbler" is a bit less transparent.
  It *MUST* know the user's password in order to verify
  the validity of the presented auth information (more precisely,
  a special hash would be sufficient, but usual user folders
  do not support such hashes). Therefore, it can only be
  used together with UserFolders providing access to the
  clear text password.

Zope maillist  -  Zope@zope.org
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://mail.zope.org/mailman/listinfo/zope-dev )

Reply via email to