I see how it works now. I installed jcNTUSerFolder but couldn't get it to work. I thought it did the challenge response stuff for me. I didn't realize it had to go behind IIS. I'll give it a try.
-----Original Message----- From: Jephte CLAIN [mailto:minf7@educ.univ-reunion.fr] Sent: Thursday, May 25, 2000 8:14 PM To: Jay, Dylan Cc: 'zope@zope.org' Subject: Re: problems with NTUserFolder.
"Jay, Dylan" a écrit :
I can't seem to get your product to work the way I want.
I'll tell you what
I'm after and perhaps you can tell me where I'm going wrong or if indeed your product can do it at all.
I have a group of users who are all part of the same domain as I am on. Its the department domain. I want to have these people recognized by my website seemlessly. I know this can be done with NT challenge response if you are using ie as your client. I want to do this in zope such that users who enter the site are automatically authenticated and appriate permissions for them set. These would be zope permission set inside zope, nothing to do with NT permissions.
How do I do this? Well, I wrote jcNTUserFolder to do exactly this :-)
you may have a look at http://www.zope.org/Members/jephte/HOWTO/IIS_and_Zope_in_REMOT E_USER_mode
a few comments: - you have to install the jcNTUserFolder *before* you put Zope in REMOTE user mode. - zope in its current form can't handle REMOTE user authentication mode together with standard authentication mode. When you install Zope as as pcgi process to get through IIS, it is the *only* way to be authenticated and get, for example, to the management screens. When you install jcNTUserFolder as the root user folder, you have to choose the NT user that will be mapped to the super user. The first time, you have to log with that user. Note that this 'super user' needn't be a privileged one under NT. regards, jephte clain minf7@educ.univ-reunion.fr
"Jay, Dylan" a écrit :
I see how it works now. I installed jcNTUSerFolder but couldn't get it to work. I thought it did the challenge response stuff for me. I didn't realize it had to go behind IIS. I'll give it a try. The challenge/response protocol authentication, as far as I know, is specific to microsoft. that's why you have to use IIS for example to do the authenticatio for you. I don't know of another browsers / ftp clients / mail clients that can perform that kind of authentication, beside those from microsoft (IE, Outlook, ...)
You may also have a look at http://www.zope.org/Members/jephte/jcForceAuth for a way to force users to authenticate. they have to identify themselves to browse the site, but at least they can use their own nt account/password. be warned though: passwords are sent unencrypted over the wire with basic authentication. regards, jephte clain minf7@educ.univ-reunion.fr
On Fri, May 26, 2000 at 06:19:22PM +0400, CLAIN Jephte wrote:
I don't know of another browsers / ftp clients / mail clients that can perform that kind of authentication, beside those from microsoft (IE, Outlook, ...)
Fetchmail can do NTLM challenge/response, and is OSS. Someone may want to look into that to see if it can be ported to, for example, Zope. I imagine that NTLM over HTTP is pretty much the same as NTLM over IMAP. All you need is a protocol analyser to find out. Fetchmail homepage: http://www.tuxedo.org/~esr/fetchmail/ -- Martijn Pieters | Software Engineer mailto:mj@digicool.com | Digital Creations http://www.digicool.com/ | Creators of Zope http://www.zope.org/ | The Open Source Web Application Server ---------------------------------------------
participants (3)
-
CLAIN Jephte -
Jay, Dylan -
Martijn Pieters