[Zope3-Users] Still trying to figure out PAU

Rupert Redington rupert at neontribe.co.uk
Fri Feb 3 11:11:06 EST 2006


Florian Lindner wrote:
> Am Freitag, 3. Februar 2006 04:07 schrieb Gary Poster:
>> On Feb 2, 2006, at 4:41 PM, Florian Lindner wrote:
>>> Hello,
>>> I'm still desperately trying to figure out the
>>> PluggableAuthentication.
>> Since no one has replied, I'll try my "30-second remediation"
>> technique again. ;-)  That means I didn't really follow exactly what
>> you are doing, and I'm just trying for low-hanging fruit to help
>> you. :-)
> 
> :-)
> 
>>> I perform the following steps:
>>>
>>> 1) Create an instance of my folderish, possible site (named A),
>>> content
>>> object.
>>>
>>> 2) I create a site in it.
>>>
>>> 3) I add a PAU in the default software space
>>>
>>> 4) I add a SessionCredentialsPlugin and a PrincipalFolder as plugins.
>>>
>>> 5) I create a internal principal with "Title" =
>>> "zope.Manager" (tried also
>>> other ones). name = abc
>>>
>>> 6) In the SessionCredentialsPlugin I leave to "loginForm.html". I've a
>>> loginForm.html view in my A-object)
>>>
>>> 7) I register all components (SessionCreadentiasPlugin,
>>> PrincipalFolder and
>>> PAU)
>> So that means that http://127.0.0.1:8080/++etc++site/default/test.pau/
>> @@configure.html (or similar) has one credentials plugin in the right
>> column ("Session Credentials (a utility)") and one authenticator
>> plugin in the right column ("PrincipalFolder (a utility)" or
>> something like that).  Right?
>>
>> If not, make it so.  :-)
> 
> It was already like that, forgot to mention it.
> 
>> If that doesn't work, try making the right column of the Credentials
>> Plugins field be "No Challenge if Authenticated (a utility)" first
>> and then "Session Credentials (a utility)" second.  That's probably
>> what you want anyway.
> 
> Changed it a bit.
> 
> I'm not redirected to the loginForm.html but a "Not authorized" page. Anything 
> else is the same. I wonder why I'm not authorized, because in the 
> authenticateCredentials() function the internal.title returns:
> 
> (Pdb) internal.title
> u'zope.Manager'
> 
> Which should be authorized for anything.
> 
> Hope you can hang the fruits a few centimeter lower...  ,-)
> 
> Thanks!
> 
> Florian

If this fruit is low enough for me I'll be very surprised, and you've
probably done this already, but:

Does the Principal you've added to your PAU authentication plugin have a
grant on the site/folder you're trying to access?

Rupert


More information about the Zope3-users mailing list