[Zope-PAS] challenge misunderstandings/problems
Uwe Hoffmann
qual at tiscali.de
Sat Oct 29 09:31:26 EDT 2005
Hi ,
i want to use two different authentication/challenge plugins.
1) gssapi based one (using challenge and authentication)
2) cookie/form based one (only using authentication)
The gssapi based one is preferred but not all clients support
this one. So the cookie/form based one should be the fallback.
My Problem is: If the client hits a protected page the
gssapi based challenge is run and some headers are set
(WWW_Authenticate: negotiate) but the body of the resulting 401
response is always the standard message set in HTTPResponse of
the HTTPResponse Zope module ("You are not ...") .
def challenge( self, request, response, **kw ):
response.addHeader('WWW-Authenticate',
'negotiate')
m = "<strong>pipapo</strong>"
response.setBody(m, is_error=1)
response.setStatus(401)
return 1
( actually <strong>pipapo</strong> will be replaced by the form
which will submit the values for the cookie based
authentication plugin)
so it seems that response.setBody is called again.
any hints ?
regards,
Uwe
More information about the Zope-PAS
mailing list