[Zope] Authentication with cookies instead of browser.
Thomas Engel
tengel@ucdavis.edu
Thu, 24 Oct 2002 14:08:39 -0700
Help please!

I'm building a comprehensive education resource based on Zope for my
school, and I'm trying to learn Zope internals.

We are running Apache 2.0.43 with mod-Perl 5.8.0 and Zope 2.5.1,
currently on the same machine. Apache serves some content and uses
virtual host and proxy for content in Zope with a VirtualHostMonster.

Authentication of protected resources works like this: when a request
for a protected resource is received, Apache calls a Perl script to
check a special cookie from the user's browser. The cookie has the
user name and a hash of several values. If the cookie is absent or
invalid, the user is directed to a secure campus server which asks
for the user name and password, authenticates it against a Kerberos
system, places the cookie and redirects the user back to our site. At
that point the Perl script finds a valid cookie and allows access.

All of this works perfectly! I can get the cookie in the REQUEST
object in Zope.

I can populate Zope with users. I would like to use Zope's built-in
role mechanism for permissions.

How can I make Zope get the user name from the cookie instead of from
the user's browser?

I am happy to subclass existing Python code to make this happen.

I assume that Zope sends a WWW-Authenticate response header to the
user's browser, but I have not yet been able to find the class that
does this, and I have not found this question asked before on the
lists.

Any knowledge or advice is greatly appreciated.

Thanks in advance,
Tom Engel
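
Added example, not part of the original message and not Zope or campus code: a Python 3 sketch of the check the post describes, so that whatever maps the cookie to a Zope user re-verifies the hash instead of trusting the user name field alone. The cookie layout (`user|expires|mac`), the use of HMAC-SHA256 as the "hash of several values", the client IP as one of those values, the secret and both function names are assumptions.

```python
import hashlib
import hmac
import time

# Assumption: a secret shared by the campus login server and this site.
SECRET = b"constructed-demo-secret"


def _mac(user, client_ip, expires, secret):
    # The "several values" covered by the hash (assumed: user, client IP, expiry).
    msg = "|".join((user, client_ip, expires)).encode()
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


def make_cookie(user, client_ip, expires, secret=SECRET):
    """Stand-in for what the login server would set: 'user|expires|mac'."""
    expires = str(int(expires))
    return "|".join((user, expires, _mac(user, client_ip, expires, secret)))


def user_from_cookie(cookie, client_ip, now=None, secret=SECRET):
    """Return the user name only if the cookie verifies; otherwise None.

    None covers: absent cookie, wrong field count, bad expiry, a MAC that
    does not match (edited user name, different client IP) and expiry.
    """
    if not cookie:
        return None
    parts = cookie.split("|")
    if len(parts) != 3:
        return None
    user, expires, mac = parts
    if not user:
        return None
    try:
        expiry = int(expires)
    except ValueError:
        return None
    expected = _mac(user, client_ip, expires, secret)
    # Constant-time comparison; bytes avoid a TypeError on non-ASCII input.
    if not hmac.compare_digest(expected.encode(), mac.encode()):
        return None
    if expiry <= (time.time() if now is None else now):
        return None
    return user
```

If Zope instead relies on Apache having already checked the cookie, the Zope port must be reachable only through that proxy, since a direct request could present any user name.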