[Zope-CMF] Login
Sedat Yilmazer
sedat@kibele.com
Mon, 23 Jul 2001 19:08:08 +0300
I had a similar problem some time ago. my solution was=20
<not 100% secure>
Client side
1-) create a random 64 char key
2-) encode the user name and password via that key
3-) get system time and encode it using the key
4-) concatenate the key, system time and the encoded chars to for a =
parameter
3-) pass that parameter to the web server
Web server side
1-) get the parameter
2-) split the first 64 chars key encoded system time and the rest
3-) decode the rest using the first 64 chars
4-) decode the system time. If the system time is somewhere near the =
curren time continue otherwise reject
5-) try to auth. the user
My encoding/DECODING was simple XOR. Looking at the passed parameter =
you will see a junk. I would not attempt to decode that.
</not 100% secure>
Sedat
-----Original Message-----
From: zope-cmf-admin@zope.org [mailto:zope-cmf-admin@zope.org]On Behalf
Of Lene Eikemo
Sent: Thursday, July 19, 2001 2:29 PM
To: zope-cmf@zope.org
Subject: [Zope-CMF] Login
I want my CMF-site-members to enter from an intranet-site without loggin =
in!
In other words; when the user clicks on the Zope-link on the intranet,he
automatically gets his "My stuff" -without seeing the login-schema at =
all.
Is this possible???
(the user is authenticated at the intranet using LDAP, and I'm planning =
to
use LoginManager with LDAP-aut.) (or should i use LDAPAdapter? I'm NOT =
going
to change/add user-records in Zope)
Lene K
_______________________________________________
Zope-CMF maillist - Zope-CMF@zope.org
http://lists.zope.org/mailman/listinfo/zope-cmf
See http://www.zope.org/Products/PTK/Tracker for bug reports and feature =
requests