"Jay, Dylan" wrote:
I'm a little confused over this. From your previous mail I understood that jcNTUserFolder was to be used only behind IIS. It interpreted the REMOTE_USER var passed in after challenge/response authentication by IIS and made this into a Zope user. Now you're talking about jcForceAuth and saying that users log in using basic authentication with their NT username and password??????
Under what circumstances can you use challenge/response vs basic authentication?
My apologies for taking so long to respond. Our mail server had some problems...

Well, Zope can do both authentication methods (but not at the same time!): 'standard' basic authentication mode or 'remote user' authentication mode. It depends on the content of the access file. This is documented somewhere in the Zope documentation.

In basic authentication mode, the browser gives Zope the username and the password, and asks if it is correct. If Zope says 'no', the browser asks again until the user gives the right username/password pair. Zope can only do the BASIC authentication.

In remote user authentication mode, the web server on top of Zope (Apache or IIS, or whatever) *does* the authentication (it checks the username/password). Once the user is authenticated, the web server passes Zope the REMOTE_USER variable, which is the username of the authenticated user.

My product is compatible with the two schemes. However, Zope is unable to do challenge/response authentication, so you have to put it under a web server that is capable of doing such authentication (i.e., IIS). If you use my product with vanilla Zope, your users can still authenticate by using their NT username/password.

The difference is:
- behind IIS, Zope *always* gets the user info, and they are not aware of it.
- vanilla Zope does not bring up the authentication dialog if content is anonymous, so your users can still browse the site while being anonymous. This is where my jcForceAuth product comes in, because it asks the users to authenticate even if they view anonymous content.

Hope it's clear now.

jephte clain
minf7@educ.univ-reunion.fr

ps: I don't speak/write English very well. So if the above is still unclear, perhaps someone on the list can better explain.
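The two modes described in this reply, sketched as an added example that is not part of the original mail and is not Zope or jcNTUserFolder code. The function names, the `mode` switch, the status strings and the in-memory user table are assumptions made for illustration; only `REMOTE_USER` and the Basic scheme come from the message.

```python
import base64
import hmac

# Constructed sample store; the product described above would ask the NT domain.
USERS = {"dylan": "s3cret"}

def basic_header(user, password):
    """Build the Authorization value a browser sends for Basic authentication."""
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()

def check_password(user, password):
    expected = USERS.get(user)
    return expected is not None and hmac.compare_digest(
        expected.encode(), password.encode())

def identify(environ, mode):
    """Return (username, status) for a CGI-style environ.

    "basic":       the application checks the username/password itself.
    "remote_user": the front-end web server has already authenticated the user.
    """
    if mode == "remote_user":
        user = environ.get("REMOTE_USER")
        # No password reaches this code; the front-end's verdict is taken as-is,
        # so only the front-end must be able to set this variable.
        return (user, "ok") if user else (None, "anonymous")
    scheme, _, blob = environ.get("HTTP_AUTHORIZATION", "").partition(" ")
    if scheme.lower() != "basic":
        # Nothing sent: anonymous content is served without a login dialog.
        return None, "anonymous"
    try:
        decoded = base64.b64decode(blob, validate=True).decode("utf-8")
    except ValueError:  # covers malformed base64 and invalid UTF-8
        return None, "challenge"
    user, sep, password = decoded.partition(":")
    if sep and check_password(user, password):
        return user, "ok"
    # Wrong pair: the 401 answer makes the browser ask again.
    return None, "challenge"

def force_auth(result):
    """Hypothetical jcForceAuth-like step: anonymous visitors are challenged too."""
    user, status = result
    return (None, "challenge") if status == "anonymous" else (user, status)
```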