On Wed, Mar 15, 2000 at 02:23:43PM -0500, Pavlos Christoforou wrote:
I have not touched the authentication machinery yet so I must rely on other Zopistas' efforts. There is a LoginManager which is part of the PTK. Seems to be well thought out, and it seems to provide a very general and broad solution to the authentication problem, but I have no idea whether or how it works.
The Login Manager looks good because, unlike GUF and UserDb, it allowed me to use the admin/supervisor password to authenticate straight away and so didn't lock me out of the directory.
I actually gave up on GUF because I _couldn't_ get it to let me in in the first place to set up my db methods. The password that is supposed to be built in didn't work at all, neither did the supervisor one.
I posted a workaround for that on this mailing list a couple of days ago. And yes, whilst it is frustrating, it is nowhere near as hard as writing an authentication product from scratch (which from experience is difficult).
To me this is the biggest problem with the other existing systems, that they lock you out of your site and there is little you can do about it. (In UserDb I had to comment out parts of the security code to get it to let me in and set it up properly. After it was set up it worked fine and I could put the code back.)
Another useful add-on is for GUF to ship a complete example of its usage based on standard Zope objects (Folders etc). Maybe as an exported folder that the user can optionally import.
Last time I used it, it came with a very simple example already. All you need to do is add in your logic and you're away. The SQL Howto on the website is very informative (cheers to whoever wrote that).
All authentication stuff from a database is going to require the person to customise their own SQL; we can't make custom authentication methods any easier than that, but in the simplest case this should be _all_ they have to do. The supervisor password should _always_ work in any authentication method from the beginning and it should be made clear that people are going to have to authenticate using that particular password until they have the rest of their site set up.
Anyway, the LoginManager looks very clean. It already doesn't have a lot of the old problems and I like the abstraction. Now I just have to finish getting DCOracle working (annoying truncated .so files...).
Sorry, I think that the GUF is also very clean and quite easy to work with. I think GUF is great as it is. Thanks a lot to Zen for contributing it.
Cheers,
Benno