We wrote something like that for a client once. It eventually ended up in my hands and was eggified and pypified. Its called Products.PASIPAuth and its on pypi. I'm certain it has plenty of room for improvement :-)
It contains code to fetch the remote ip from the x-forwarded-for header squid should insert. I have no idea how it will play with other proxy/accelerators. Also, without something like squid that manages this header, someone can easily bypass your security by inserting this header with a spoofed ip address. So be aware. It even understands CIDR netmasks, so you can say that 192.168.0.0/24 are all "john" if you want to. regards, Izak _______________________________________________ Product-Developers mailing list [email protected] http://lists.plone.org/mailman/listinfo/product-developers
