[Zope] Automatic authenticating users in Zope behind IIS
Ng Pheng Siong
ngps@netmemetic.com
Fri, 25 Jul 2003 10:03:28 +0800
On Fri, Jul 25, 2003 at 01:45:54AM +0200, Dieter Maurer wrote:
> Carsten Gehling wrote at 2003-7-24 10:58 +0200:
> > 1) Zope is run behind IIS with PCGI. All users with access to the intranet
> > must be added to the permissions for the intranet's root rolder. Zope user
> > folders are made with the special LDAPUserFolder
> > 2) Zope is run as a standalone server. Zope must simulate IIS's
> > challenge/response system. Zope user folders are made with the special
> > LDAPUserFolder
>
> You should go for 1) and use a specialized "UserFolder"
> that authenticates a user based on "LOGON_USER".
There is RemoteUserFolder, which docu says it works with IIS's setting
REMOTE_USER.
I've not used RemoteUserFolder with IIS, but I've used it with my
ZServerSSL which sets REMOTE_USER from the client certificate's subject DN,
i.e., to support cert-based authentication over SSL. Works fine on Un*x,
and I think it tested ok on Windows, too.
--
Ng Pheng Siong <ngps@netmemetic.com>
http://firewall.rulemaker.net -+- Manage Your Firewall Rulebase Changes
http://www.post1.com/home/ngps -+- Open Source Python Crypto & SSL