On Fri, Jul 25, 2003 at 01:45:54AM +0200, Dieter Maurer wrote:
Carsten Gehling wrote at 2003-7-24 10:58 +0200:
1) Zope is run behind IIS with PCGI. All users with access to the intranet must be added to the permissions for the intranet's root rolder. Zope user folders are made with the special LDAPUserFolder 2) Zope is run as a standalone server. Zope must simulate IIS's challenge/response system. Zope user folders are made with the special LDAPUserFolder
You should go for 1) and use a specialized "UserFolder" that authenticates a user based on "LOGON_USER".
There is RemoteUserFolder, which docu says it works with IIS's setting REMOTE_USER. I've not used RemoteUserFolder with IIS, but I've used it with my ZServerSSL which sets REMOTE_USER from the client certificate's subject DN, i.e., to support cert-based authentication over SSL. Works fine on Un*x, and I think it tested ok on Windows, too. -- Ng Pheng Siong <ngps@netmemetic.com> http://firewall.rulemaker.net -+- Manage Your Firewall Rulebase Changes http://www.post1.com/home/ngps -+- Open Source Python Crypto & SSL