Luca Olivetti wrote:

At this point zope should see an additional header REMOTE_USER (with the consequent security risk: you should make sure that nobody can directly access zope otherwise they can fake this header and pose as any user) which is available in request.environ as HTTP_REMOTE_USER.

Then it's just a matter of using PAS with the SharkbyteSSOPlugin (http://dev.plone.org/collective/browser/SharkbyteSSOPlugin) configured to use HTTP_REMOTE_USER.

I'd suggest to change

   userid = request.get(self.uservar)

to

   userid = request.environ.get(self.uservar)

for a little more security - not that this setup seems really secure to me anyway, but I'm not a security expert ;-)

Ok, useless suggestion, since Zope request does "the right thing":
1) it will search in the environment before searching in the form and
2) it'll strip any form variable that starts with 'HTTP_'

Bye

--
Luca Olivetti
Wetron Automatización S.A. http://www.wetron.es/
Tel. +34 93 5883004      Fax +34 93 5883007
_______________________________________________
Zope maillist  -  Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope-dev )
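
The message above notes that anyone who can reach Zope directly can fake the REMOTE_USER header. The following is an added example, not part of the original post or of SharkbyteSSOPlugin: a WSGI middleware that drops the header unless the connection comes from the front-end proxy. It assumes Zope is served through WSGI; the class name, the demo app and the addresses are hypothetical.

```python
# Added example (not from the original post). Class name, demo app and
# proxy addresses are assumptions made for illustration.
import ipaddress


class TrustedProxyUserHeader:
    """WSGI middleware: keep the user header only when the TCP peer is the SSO proxy."""

    def __init__(self, app, trusted_proxies, uservar="HTTP_REMOTE_USER"):
        self.app = app
        self.uservar = uservar
        self.trusted = [ipaddress.ip_network(p) for p in trusted_proxies]

    def _peer_is_trusted(self, environ):
        try:
            peer = ipaddress.ip_address(environ.get("REMOTE_ADDR", ""))
        except ValueError:
            return False  # missing or malformed peer address: fail closed
        return any(peer in net for net in self.trusted)

    def __call__(self, environ, start_response):
        if not self._peer_is_trusted(environ):
            # Header arrived from somewhere other than the proxy: discard it
            environ.pop(self.uservar, None)
        return self.app(environ, start_response)


def demo_app(environ, start_response):
    """Stand-in for the application: reports which user it would believe."""
    user = environ.get("HTTP_REMOTE_USER", "Anonymous")
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [user.encode("utf-8")]


def call(app, environ):
    """Run one request through app and return the response body as text."""
    return b"".join(app(dict(environ), lambda status, headers: None)).decode("utf-8")


guarded = TrustedProxyUserHeader(demo_app, ["127.0.0.1/32"])

# Constructed sample requests
VIA_PROXY = {"REMOTE_ADDR": "127.0.0.1", "HTTP_REMOTE_USER": "alice"}
DIRECT = {"REMOTE_ADDR": "203.0.113.7", "HTTP_REMOTE_USER": "admin"}

if __name__ == "__main__":
    print(call(guarded, VIA_PROXY))
    print(call(guarded, DIRECT))
```

The proxy itself must still overwrite any REMOTE_USER header supplied by the client, since this check only establishes which host the request came from.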
