[Zope3-dev] Re: F'burg sprint, pluggableauthentication

Chris McDonough chrism@zope.com
Tue, 24 Jun 2003 18:31:22 -0400


> Well, we didn't quite get done with it but we have a mostly working
> pluggable authentication service based on the work that was
> done in an earlier sprint.  It's in
pluggable_authentication_service-branch.
> You can now add one and add principal sources to it and add
principals
> to them, and log in as one of those.

Its been merged into the trunk now.

I was able to log in and manage the site as a real user yesterday
(yay!).

But I tried today and apparently the pluggable authentication service
is still working (my principal is indeed found and given to the
publisher), I cannot actually log in.

In the principal annotation service, I've granted all possible roles
to a principal from one of my principal sources.  I've mapped those
roles to all permissions (using an allow grant for each permission) in
the principal annotation service.

But when I visit /manage as my principal and provide a proper username
and password, although the publisher know's my principal is the
current user (I've spelunked enough to know this is true) the
permission assertions I've made never seem to be found by the
publication code and my access is denied.

I'm hoping to find the time to understand better why this is not
working.

> Chris, I realized last night that I don't think any of our test
cases
> actually try to look up a user in anything other than the first
source.
> I'll look at this and add some cases in the next few days.

Yup.  That'd be great.

(BTW, I changed earmark generation last night to something less hokey
than a random number)

- C