Mixing authentication techniques at the same site with exUserFolder
Hi, I'm using Zope product exUserFolder (v 0-10-9) under Zope 2.5.1 Our site has sections using Zope, and other sections using Apache (to use CGI software not under Zope, like for instance mailman or IMP Horde). The Zope sections authenticate users via exUserFolder, OK. The Apache sections use http basic auth, OK. The problem is that when a user navigates (in the same browser session) from one part to another. When entering Zope after authenticating on the other side, we get an error: Traceback (innermost last): File .../lib/python/ZPublisher/Publish.py, line 150, in publish_module File .../lib/python/ZPublisher/Publish.py, line 114, in publish File .../lib/python/Zope/__init__.py, line 159, in zpublisher_exception_hook (Object: XXXXXXX) File .../lib/python/ZPublisher/Publish.py, line 89, in publish File .../lib/python/ZPublisher/BaseRequest.py, line 388, in traverse File .../lib/python/Products/exUserFolder/exUserFolder.py, line 1024, in validate (Object: acl_users) File .../lib/python/Products/exUserFolder/exUserFolder.py, line 723, in std_validate (Object: acl_users) ValueError: unpack tuple of wrong size I understand that the auth. cookie has not the form expected by Zope... I tried unsuccessfully to fixe the python code. Do you have any suggestion ? Thank you, Emmanuel -- Emmanuel Viennet LIPN - Institut Galilee - Universite Paris-Nord
Emmanuel Viennet wrote at 2003-1-7 22:12 +0100:
Our site has sections using Zope, and other sections using Apache (to use CGI software not under Zope, like for instance mailman or IMP Horde).
The Zope sections authenticate users via exUserFolder, OK.
The Apache sections use http basic auth, OK.
As explained in a recent message (--> mailing list archives), I would go for a session base authentication. Please read the message and come back, when you have more questions. Dieter
Hum, I'm not sure I found the recent message you refer to. Do you refer to this thread ? http://lists.zope.org/pipermail/zope/2002-August/121367.html In that case, do I need to use the Remote User Folder ? (http://www.zope.org/Members/djay/RemoteUserFolder) I was unable to find documentation on these issues... Thank you for your help Emmanuel On Wed, 2003-01-08 at 20:58, Dieter Maurer wrote:
Emmanuel Viennet wrote at 2003-1-7 22:12 +0100:
Our site has sections using Zope, and other sections using Apache (to use CGI software not under Zope, like for instance mailman or IMP Horde).
The Zope sections authenticate users via exUserFolder, OK.
The Apache sections use http basic auth, OK.
As explained in a recent message (--> mailing list archives), I would go for a session base authentication.
Please read the message and come back, when you have more questions.
Dieter -- Emmanuel Viennet LIPN - Institut Galilee - Universite Paris-Nord
Emmanuel Viennet wrote at 2003-1-9 08:11 +0100:
Do you refer to this thread ? http://lists.zope.org/pipermail/zope/2002-August/121367.html No!
Sorry, I did write such a message but it did not go to a Zope mailing list and has been in German. Getting old... The basic idea: You have a central session management (via a backend database). When your user authenticates, he gets a session handle (cookie or URL segment component). The session contains capabilities (to use various services). When the user need capabilities, the appliciation looks into the session via the session handle and checks whether the session provides the capability. In Zope, you could use a specialized User Folder that could access the session and obtain user information from it and then return the corresponding "User" object. In this way, you could use the standard Zope authorization framework. Dieter
participants (2)
-
Dieter Maurer -
Emmanuel Viennet