[Zope-PAS] what plugins are needed for authentication
Wichert Akkerman
wichert at wiggy.net
Wed Apr 4 08:35:14 EDT 2007
Previously robert rottermann wrote:
> Mark Hammond wrote:
> >> Hi there,
> >>
> >> I want to write a PAS Plugin that does only the authentication.
> >>
> >> it should do the authentication and then store it in a
> >> session for a coupple of hours.
> >>
> >> Now I am unsure which services I have to implement.
> >> IAuthenticationPlugin ??
> >> IExtractionPlugin ??
> >>
> >
> > Without more information, it's unclear what you will need. Assuming you
> > want to reuse either HTTP basic or cookie authentication for the mechanics
> > of getting a username/password pair, you can enable the standard PAS plugins
> > for IChallengePlugin and IExtractionPlugin. You should then only need to
> > implement IAuthenticationPlugin - and the main job there is for you to
> > validate the credentials, then return a dict with the username you
> > extracted. You will also need to have a user manager - the "ZODB User
> > Manager" might be OK. I'd recommend the approach of setting PAS up with
> > everything working as you want except for the actual authentication you want
> > to perform. You should then replace the interfaces from that set until
> > everything you need is done :)
> >
> > This is mainly from memory, but I hope it helps...
> >
> > Mark
> >
> > _______________________________________________
> > Zope-PAS mailing list
> > Zope-PAS at zope.org
> > http://mail.zope.org/mailman/listinfo/zope-pas
> >
> >
> thank you very mutch to all the answer I got.
> This is what I need:
>
> on an intranet I want to have all users in a plone "user_source".
> the authentication itself should be against a bunch of
> ActiveDirectory-domains.
> after the authemtication I just want the user to be authorized without
> the need to re authenticate during business hours.
Why do you want to have the users in source_users for that? That isn't
necessary. Just do the normal AD authentication using LDAPMultiPlugins
and use a session plugin such as SessionAuthHelper or plone.session.
Wichert.
--
Wichert Akkerman <wichert at wiggy.net> It is simple to make things.
http://www.wiggy.net/ It is hard to make things simple.
More information about the Zope-PAS
mailing list