[Zope-PAS] what plugins are needed for authentication

[Wichert Akkerman]

Previously Mark Hammond wrote:
> > Hi there,
> >
> > I want to write a PAS Plugin that does only the authentication.
> >
> > it should do the authentication and then store it in a
> > session for a coupple of hours.
> >
> > Now I am unsure which services I have to implement.
> > IAuthenticationPlugin ??
> > IExtractionPlugin  ??
> 
> Without more information, it's unclear what you will need.  Assuming you
> want to reuse either HTTP basic or cookie authentication for the mechanics
> of getting a username/password pair, you can enable the standard PAS plugins
> for IChallengePlugin and IExtractionPlugin.  You should then only need to
> implement IAuthenticationPlugin - and the main job there is for you to
> validate the credentials, then return a dict with the username you
> extracted.  You will also need to have a user manager - the "ZODB User
> Manager" might be OK.  I'd recommend the approach of setting PAS up with
> everything working as you want except for the actual authentication you want
> to perform.  You should then replace the interfaces from that set until
> everything you need is done :)

If he needs to use a session using something else than the username &
password as used by the cookie plugin it should be trivial to leverage
plone.session here. Just add a plone.session plugin to your acl_users,
enable its interfaces, disable credentials update and reset for the
cookie plugin and you're all set. And it'll be more secure as well :)

Wichert.

-- 
Wichert Akkerman <wichert at wiggy.net>    It is simple to make things.
http://www.wiggy.net/                   It is hard to make things simple.