[Zope3-dev] HEADS UP: PAU (pluggable authentication) users

Garrett Smith garrett at mojave-corp.com
Tue Mar 29 17:10:51 EST 2005 

Jim Fulton wrote:
> Garrett Smith wrote:
>> Jim Fulton wrote:
>> 
>>> Garrett Smith wrote:
>>> 
>>>> Later today I'm going to checkin a major refactor of the pluggable
>>>> authentication utility. The change greatly simplifies the end-user
>>>> experience of configuring the PAU and will make custom plugins
>>>> easier to write.
>>> 
>>> This introduces IAuthentication2.  This is meant to replace
>>> IAuthentication eventually.  IAuthentication will be deprecated. 
>>> The problem is that we now look up IAuthentication2 rather than
>>> IAuthentication.  This will cause a serious backward compatibility
>>> problem for people using other authentication utilities.  This will
>>> be the case for Zope X3.0 installations. that upgrade to X3.1.
>>> 
>>> I don't think there were ever many auth services.  Perhaps the old
>>> pluggableauth is the only one we need to worry about.  I suggest we
>>> do *one of*: 
>>> 
>>> - Make the old pluggable authentication thing support
>>>   IAthentication2. Unfortunately, we'd need a database fixup script
>>>   that converted old IAuthentication registrations to use
>>>   IAuthentication2.  We may already have code that converts old
>>>   service registrations to utility registrations. Maybe this code
>>> could do this too. 
>>> 
>>>   or
>>> 
>>> - Change the code that doesn't actually *need* the new logout method
>>>   to do getUtility with IAuthentication, rather than
>>> IAuthentication2.
>> 
>> 
>> The downside to option two is that there are a number of such places
>> and the BBB code starts to look like TODOs.
> 
> I don't follow this.  With this option, places that don't need logout
> would just use IAuthentication.

So you wouldn't expect to ever migrate the use of IAuthentication in
cases where logout wasn't needed?

If there is a downside to this (not sure there is), it would be
confusion about when to use which interface.

>> would be nice to have a working example of interface evolution, but
>> it makes for complicated BBB/TODO management.
> 
> Yup.

So you're your leaning toward IAuthentication2 used in cases when we
only need logout?

 -- Garrett

More information about the Zope3-dev mailing list