Previously Behrens, Matt wrote: > Tres Seaver wrote: > > > You need to have plugins registered which implement > > IUserEnumeration and IGroupEnumeration for your site. > > Probably you are going to need to share the set of valid > > users with that external program, though. > > Right, but what if I can't enumerate the users? In this scenario, I > actually cannot get a list of valid users. Inside Zope, my sole > assurance that I have a valid user is that the hash matches up. > > It's a similar situation to exUserFolder's smbAuthSource; in that case, > a username and password is provided and passed on for authentication, > and if it works, a user object is created on the fly. Or REMOTE_USER, > if you don't have access to the list of valid users; you simply trust > the username you're given, creating that user object again.
Many user sources suffer from this. I had the same problem when implementing OpenID. Basically the problem is that PAS tries to verify if a userid is linked to a valid user by doing a search for it. For OpenID As I added some workaround code that checks if you are doing a exact user search for a userid that looks like a URL and if so always return a dummy user. That made PAS happy. Wichert. -- Wichert Akkerman <[EMAIL PROTECTED]> It is simple to make things. http://www.wiggy.net/ It is hard to make things simple. _______________________________________________ Zope-PAS mailing list Zope-PAS@zope.org http://mail.zope.org/mailman/listinfo/zope-pas