[Zope-PAS] what plugins are needed for authentication

Wichert Akkerman wichert at wiggy.net
Wed Apr 4 06:46:48 EDT 2007


Previously Jens Vagelpohl wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> 
> On 4 Apr 2007, at 11:52, Wichert Akkerman wrote:
> >If he needs to use a session using something else than the username &
> >password as used by the cookie plugin it should be trivial to leverage
> >plone.session here. Just add a plone.session plugin to your acl_users,
> >enable its interfaces, disable credentials update and reset for the
> >cookie plugin and you're all set. And it'll be more secure as well :)
> 
> Storing the credentials in a session instead of a cookie does not  
> require installing yet another addon product. You can do that with  
> the standard CookieAuthHelper and the standard SessionAuthHelper.

That assumes you're doing auth based on username and password.
plone.session does not make that assumption.

As an added benefit plone.session does not use Zope sessions, making it
more scalable.

Wichert.

-- 
Wichert Akkerman <wichert at wiggy.net>    It is simple to make things.
http://www.wiggy.net/                   It is hard to make things simple.


More information about the Zope-PAS mailing list