On Fri, Mar 28, 2008 at 9:12 PM, Jorge Vargas <[EMAIL PROTECTED]> wrote:
>
> On Fri, Mar 28, 2008 at 2:48 PM, Mike Orr <[EMAIL PROTECTED]> wrote:
> >
> > This discussion shows Pylons needs some kind of flexible but standard
> > system of authentication & authorization. It has also been clear from
> > the past several months that AuthKit provides *a* unified solution for
> > both issues, but it has not gained sufficient acceptance from the
> > Pylons community to be *the* standard.
> >
> this comes as a shock to me, I thought authkit was de facto just like
> mako, SA, etc. I'm just starting to read up on authkit, and so far I
> thought it only had outdated documentation, but the fact that no one has
> backed it up as a good path in this thread makes me wonder if I'm doing
> the right thing. Could someone summarize or point to a summary of the
> common issues people have with authkit? as for repoze how ready are
> you? will I have to work off trunk?

AuthKit's author James Gardner says the architecture is sound, the outstanding bugs have been fixed, and the two substantial chapters in the Pylons Book space on the wiki have been audited for Pylons 0.9.6. Against this are 4-5 people on IRC and this list who have had bad experiences with AuthKit and think it should be thrown into the ocean. Their argument seems to be not that it doesn't work (the previous bugs have been fixed), but that you can write your own authentication in the time it takes to learn it.

I haven't used AuthKit in a program so I can't say definitively one way or the other. As for the number of AuthKit discontents, it's impossible to say whether they're a substantial percentage of the Pylons userbase or a small number of loud activists.

AuthKit is probably most helpful if you have a complex permissions scheme and use the built-in plugins. It's less helpful if you use the "forward" feature to call back into the application for the login form. In that case you're doing most of the work yourself anyway and merely shoehorning it into AuthKit's API. In that case you have to ask whether five lines of AuthKit API calls is really better than five lines of homegrown code. Probably not, and I think Gardner would agree here.

So the question of whether to use AuthKit mainly comes down to whether you're happy with its authentication plugins and authorization models, or whether you'd prefer to replace them with your own code. And of course, whether the plugins are capable of doing the kind of authentication you need. For instance, I need LDAP with a fallback to a local database. I see that AuthKit does both, but I'm not sure how well it cascades from one to the other, or whether it will accept my existing Users table.

I first heard about repoze.who last month, but it's modeled after Zope's authentication which has been around for years. According to the README in repoze.who 0.8, it doesn't do authorization at all, just authentication.

http://wiki.pylonshq.com/display/pysbook/Home
http://authkit.org/
http://repoze.org/index.html
http://dist.repoze.org/simple/repoze.who/

--
Mike Orr <[EMAIL PROTECTED]>