[Zope-PAS] Passwordless authentication
Zachery Bir
zbir at urbanape.com
Mon Aug 30 14:04:49 EDT 2004
On Aug 30, 2004, at 1:00 PM, Lennart Regebro wrote:
> Zachery Bir wrote:
>> Actually, PAS supports it. There are no assumptions made on what
>> constitutes valid credentials. For something like this, though,
>> you'll probably want a plugin that does both
>> IExtractCredentialsPlugin and IAuthenticateCredentialsPlugin (since
>> they will likely know what to look for from each other).
>
> It works with this little change:
>
> security.declarePrivate( '_mangleId' )
> def _mangleId( self, namespace, id ):
> if id.find(MANGLE_DELIMITER) != -1:
> return id
> return MANGLE_DELIMITER.join( ( namespace, id ) )
>
> So that double mangling is prevented. That way the Authentication
> plugin can return the correct mangled user_id of the user.
Nope. The Authentication plugin hands back a tuple of unmangled id and
login (login can be None).
That tuple will be passed to a IUserEnumeration plugin to satisfy
within itself. First one to respond positively wins, and *that's* the
point where PAS will mangle the id (the winning plugin's id is the
namespace in the above method).
> Otherwise, the enumeration and authentication plugins has to be the
> same, which doesn't work in this case, because then the extraction,
> authentication and enumeration plugins has to be the same, and then
> you really have no point in having a plugin-architecture at all,
> unless the various plugins are independant of each other.
I think I've mis-explained something. ;^) I'll try to work up an
example that's a little more clear.
Zac
More information about the Zope-PAS
mailing list