[Zope-PAS] SVN: Products.PluggableAuthService/branches/shh-15-masquerading/Products/PluggableAuthService/ User masquerading. Adapted from a patch against PAS 1.0.4.

Tres Seaver tseaver at palladion.com
Mon Mar 2 12:12:01 EST 2009


Wichert Akkerman wrote:
> Hi Stefan,
> 
> Previously Stefan H. Holek wrote:
>> Log message for revision 97359:
>>   User masquerading. Adapted from a patch against PAS 1.0.4.
>>   
>>   Logging in as AUTHUSER/ROLEUSER (e.g. 'admin/jdoe') authenticates
>>   against AUTHUSER but returns ROLEUSER. As a security precaution,
>>   AUTHUSER must have the Manager role. Note: AUTHUSER and ROLEUSER
>>   must live in the same user folder.
> 
> What happens if someone has a / in his login name? How do you plan to
> deal with differing login and usernames?
> 
> Is there a reason this is not doable with plugins?

I agree:  this is *exactly* the sort of thing which should be in a
plugin.  In particular, such a plugin should be configured to select
which other IAuthentication plugins it would search, which would remove
the requirement to splice the code directly into the PAS framework code.


Tres.
--
===================================================================
Tres Seaver          +1 540-429-0999          tseaver at palladion.com
Palladion Software   "Excellence by Design"    http://palladion.com
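
The login handling discussed in this thread, as an added example that is not part of the original messages or of the PAS code base: a self-contained model of AUTHUSER/ROLEUSER authentication that tries the literal login first, which is one possible way to handle a "/" inside a real login name. The user table, the function names and the split on the first separator are assumptions; the (user_id, login) return value mirrors what a PAS authentication plugin returns.

```python
import hashlib
import hmac

SEP = "/"  # separator from the commit message ('admin/jdoe')

def _hash(password, salt=b"constructed-salt"):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000)

# Constructed user folder: login -> record. Login and user id differ on purpose.
USERS = {
    "admin":    {"id": "u1", "pw": _hash("admin-pw"), "roles": {"Manager"}},
    "editor":   {"id": "u2", "pw": _hash("editor-pw"), "roles": {"Editor"}},
    "jdoe":     {"id": "u3", "pw": _hash("jdoe-pw"), "roles": {"Member"}},
    "corp/bob": {"id": "u4", "pw": _hash("bob-pw"), "roles": {"Member"}},
}

def _check(login, password):
    """Plain authentication: return the user record or None."""
    user = USERS.get(login)
    # Hash even for unknown logins so both paths do the same work.
    stored = user["pw"] if user else _hash("")
    ok = hmac.compare_digest(stored, _hash(password))
    return user if (user and ok) else None

def authenticate(credentials):
    """Return (user_id, login) of the effective user, or None."""
    login = credentials.get("login", "")
    password = credentials.get("password", "")
    # 1. Ordinary login first, so a real login containing '/' keeps working.
    user = _check(login, password)
    if user is not None:
        return user["id"], login
    # 2. Otherwise try AUTHUSER/ROLEUSER, split on the first separator
    #    (assumption: an AUTHUSER login containing '/' cannot masquerade).
    auth_login, sep, role_login = login.partition(SEP)
    if not (sep and auth_login and role_login):
        return None
    auth_user = _check(auth_login, password)
    if auth_user is None or "Manager" not in auth_user["roles"]:
        return None  # wrong password, or AUTHUSER is not a Manager
    role_user = USERS.get(role_login)  # same user folder as AUTHUSER
    if role_user is None:
        return None
    return role_user["id"], role_login
```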


