michael nt milne wrote at 2006-2-28 15:51 +0000: >I'm probably missing something really obvious but am wondering how you >actually implement your product on a live plone site. I've got it installed. >Do you just customise the login form that comes with the product and use >that on the site?
I fear you do not understand the essence of HTTP authentication: For any kind of HTTP authentication (whether "basic" or "digest"), it is the browser which gathers the login information. Therefore, you do not have a login form (you can customize on the server). Instead, the browser uses its login dialog (which you might customize, if you are using e.g. Mozilla or Firefox, but is usually out of the server's reach). As written in the documentation on my website, "DigestAuth" currently only contains a "DigestAuthCrumbler" which works similar to the "CookieCrumbler". More precisely: It takes digest auth information, verifies it and (if successful) presents it like basic auth information to the remaining parts of Zope. The "CookieCrumbler" works very similar: it takes the information from a cookie and presents it like basic auth information to the remaining parts of Zope. The "DigestAuthCrumbler" is a bit less transparent. It *MUST* know the user's password in order to verify the validity of the presented auth information (more precisely, a special hash would be sufficient, but usual user folders do not support such hashes). Therefore, it can only be used together with UserFolders providing access to the clear text password. -- Dieter _______________________________________________ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )