[Zope-PAS] Failing to fill users properties, should it cause an error?

Sidnei da Silva sidnei at enfoldsystems.com
Fri Feb 2 13:45:45 EST 2007


We are having an interesting discussion internally here, which I would
like to bring up on the list.

 - In the event of a plugin that provides information about a
particular user/group failing to do so (because it's misconfigured or
otherwise), should PAS complain loudly about it?

I know that PAS can work just fine with just a user id/login name
combination (not even password is required) but other stuff in the
system might depend on the user having, say, a valid email.

If the email is stored on an external system like LDAP and the LDAP
plugin fails provide that information, it would be desirable to have
the authentication process fail.

Now, some might argue that this is an application-specific policy. The
fact is that there's no obvious way currently of 'vetoing' a login
based on the lack of certain user properties (like the email example
above).

I would like to change PAS so this is possible to do. Any objections?

-- 
Sidnei da Silva
Enfold Systems                http://enfoldsystems.com
Fax +1 832 201 8856     Office +1 713 942 2377 Ext 214


More information about the Zope-PAS mailing list