ok, thanks. I didn't notice the documentation on your site. On 2/28/06, Dieter Maurer <[EMAIL PROTECTED]> wrote: > michael nt milne wrote at 2006-2-28 15:51 +0000: > >I'm probably missing something really obvious but am wondering how you > >actually implement your product on a live plone site. I've got it > installed. > >Do you just customise the login form that comes with the product and use > >that on the site? > > I fear you do not understand the essence of HTTP authentication: > > For any kind of HTTP authentication (whether "basic" or > "digest"), it is the browser which gathers the login > information. Therefore, you do not have a login form (you > can customize on the server). Instead, the browser uses > its login dialog (which you might customize, if you > are using e.g. Mozilla or Firefox, but is usually out of the > server's reach). > > As written in the documentation on my website, > "DigestAuth" currently only contains a "DigestAuthCrumbler" > which works similar to the "CookieCrumbler". > More precisely: > > It takes digest auth information, verifies it and > (if successful) presents it like basic auth information > to the remaining parts of Zope. > > The "CookieCrumbler" works very similar: it takes the > information from a cookie and presents it like > basic auth information to the remaining parts of Zope. > > The "DigestAuthCrumbler" is a bit less transparent. > It *MUST* know the user's password in order to verify > the validity of the presented auth information (more precisely, > a special hash would be sufficient, but usual user folders > do not support such hashes). Therefore, it can only be > used together with UserFolders providing access to the > clear text password. > > > > -- > Dieter >
-- Michael _______________________________________________ Zope maillist - [email protected] http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
