[Zope-dev] Re: FW: [Zope-dev] pam authentication support with PyPam

Stuart 'Zen' Bishop zen@cs.rmit.edu.au
Wed, 3 Nov 1999 12:14:38 +1100 (EST)


On Tue, 2 Nov 1999, Michel Pelletier wrote:

> > > The first is the fact that only user folders are accumulative
> > > only at folder boundaries. You cannot create one UserFolder
> > > and one NTUserFolder at the same level and have them co-opt
> > > the user authentication responsibility.
> 
> I think this is a good idea, I wonder if the Generic User Folder
> recently prototyped (hey, who did that? I can't find any artifacts to it
> anywhere) does this.

It could in its current incarnation... although it's a bit ugly :-)

In your GenericUserFolder, create FolderA and FolderB. In FolderA
create your UserFolder. In FolderB, create your NTUserFolder.
In your GenericUserFolder, change the default DTML methods to
simply call the required functions in the two sub user folders and
return a combined list.

Of course, the correct way to do this would be to move the relevant code
from NTUserFolder to external methods and tidy everything up (you would
still create a sub acl_users folder in the GenericUserFolder for 'manual'
accounts if you need to override them with this interface - at least
until I let people add User objects to the GenericUserFolder)

> There are really deep and fundamental issues, I can see exactly what
> you're talking about, but implementation could take a while, last time I
> looked at the security system I shuddered.

Tell me about it - I'm trying to get GenericUserFolder to do cookies
authentication 'securely'. The only way I can display a logon screen
is to throw an exception from the validate method. Of course, throwing
an exception means that the user folders above myself will never be
checked. So this means my validate method, if it can't authenticate
locally, has to crawl up the tree seeing if there are any positive 
validations before throwing the exception :-P

 ___
   //     Zen (alias Stuart Bishop)     Work: zen@cs.rmit.edu.au
  // E N  Senior Systems Alchemist      Play: zen@shangri-la.dropbear.id.au
 //__     Computer Science, RMIT 	 WWW: http://www.cs.rmit.edu.au/~zen
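
The short-circuit described in the message above, as an added example that is not part of the original post and is not GenericUserFolder's code: a simplified Python model in which a user folder that raises on a failed local check hides the folders above it, next to one that asks its ancestors first. All class and function names are hypothetical, and the accounts are constructed sample data.

```python
# Simplified model, not Zope's API: every name below is hypothetical.
import hmac

class LoginRequired(Exception):
    """Stands in for the exception that makes the server show the logon screen."""

class UserFolder:
    """Plain user folder: returns None on failure so the search can continue upward."""
    def __init__(self, users, parent=None):
        self.users = users      # constructed sample accounts (plaintext to keep the model short)
        self.parent = parent    # next user folder up the tree, if any

    def check(self, name, password):
        stored = self.users.get(name)
        ok = stored is not None and hmac.compare_digest(stored.encode(), password.encode())
        return name if ok else None
    validate = check

class NaiveCookieFolder(UserFolder):
    """Raises as soon as the local check fails, so folders above are never asked."""
    def validate(self, name, password):
        user = self.check(name, password)
        if user is None:
            raise LoginRequired("show logon form")
        return user

class CrawlingCookieFolder(UserFolder):
    """Asks every folder above before raising, as the message describes."""
    def validate(self, name, password):
        user = self.check(name, password)
        ancestor = self.parent
        while user is None and ancestor is not None:
            user = ancestor.check(name, password)  # check(), so an ancestor cannot raise early
            ancestor = ancestor.parent
        if user is None:
            raise LoginRequired("show logon form")
        return user

def authenticate(folder, name, password):
    """Model of the lookup: try each user folder from the innermost one upward."""
    while folder is not None:
        user = folder.validate(name, password)  # an exception here ends the search
        if user is not None:
            return user
        folder = folder.parent
    return None

def build(cookie_cls):
    # Cookie folder holding 'alice' beneath a root folder holding 'admin'.
    return cookie_cls({"alice": "alice-pw"}, parent=UserFolder({"admin": "root-pw"}))
```

With `build(NaiveCookieFolder)` the root-level `admin` account can never log in below the cookie folder, while `build(CrawlingCookieFolder)` accepts it and still raises for credentials that no folder in the chain accepts.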