[Zope-CMF] Login

Anthony Baxter Anthony Baxter <anthony@interlink.com.au>
Thu, 19 Jul 2001 23:47:56 +1000 

couldn't you use a cookie set up to go to all machines in the domain?

hacky as hell, but...

Anthony

>>> Jens Vagelpohl wrote
> lene,
> 
> this is probably not possible if your intranet site and your zope site are 
> on different machines with different hostnames. the browser will not send 
> username and password information it collected on one site when you browse 
> to another site, regardless of whether your intranet site uses cookies or 
> basic auth. even the fact that both sites use the same user data on the 
> backend does not change this, it's just a basic browser "security" issue.
> 
> there is always the (pretty insecure) method of putting username and 
> password into the link that the user clicks to jump to the intranet. an 
> example of that can be found in your CMF, look for "registered.dtml" in 
> the portal_types tool under the "generic" skins folder. this is not secure 
> because username and password are sent across the network in clear text, 
> however, if both your sites are internal and not accessed from the outside 
> that might be all you need.
> 
> a more complicated way of doing it would be at the user folder level, but 
> this would require writing python code. your link on the intranet site 
> could have a query string with a username and encrypted password that 
> would be tested for and compared with the encrypted version of that user's 
> password in the user folder.
> 
> jens
> 
> 
> 
> 
> On Thursday, July 19, 2001, at 07:28 , Lene Eikemo wrote:
> 
> > I want my CMF-site-members to enter from an intranet-site without loggin 
> > in!
> > In other words; when the user clicks on the Zope-link on the intranet,he
> > automatically gets his "My stuff" -without seeing the login-schema at all.
> > Is this possible???
> > (the user is authenticated at the intranet using LDAP, and I'm planning to
> > use LoginManager with LDAP-aut.) (or should i use LDAPAdapter? I'm NOT 
> > going
> > to change/add user-records in Zope)
> >
> > Lene K
> >
> >
> > _______________________________________________
> > Zope-CMF maillist  -  Zope-CMF@zope.org
> > http://lists.zope.org/mailman/listinfo/zope-cmf
> >
> > See http://www.zope.org/Products/PTK/Tracker for bug reports and feature 
> > requests
> 
> _______________________________________________
> Zope-CMF maillist  -  Zope-CMF@zope.org
> http://lists.zope.org/mailman/listinfo/zope-cmf
> 
> See http://www.zope.org/Products/PTK/Tracker for bug reports and feature requ
ests
> 

-- 
Anthony Baxter     <anthony@interlink.com.au>   
It's never too late to have a happy childhood.