[Zope-PAS] Re: Multiple principals with the same ID
Tres Seaver
tseaver at palladion.com
Thu Dec 1 15:33:29 EST 2005
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Wichert Akkerman wrote:
> Previously Tres Seaver wrote:
>
>>Within a single PAS, it is an error to have two principals with the same
>>ID; otherwise you will end up granting permissions inappropriately. If
>>you have plugins which are generating identical IDs, then you need to
>>have one or both of them use prefixes (that is what they are for).
>
>
> I see no mention of prefixes anywhere within PAS, so I guess you expect
> each plugin to implement prefixes itself? How about multiple instances
> of the same plugin?
$ cd ~/projects/PAS/Products/PluggableAuthService-trunk/plugins/
$ grep -l prefix *.py
BasePlugin.py
DynamicGroupsPlugin.py
ZODBGroupManager.py
ZODBUserManager.py
Each plugin derived from BasePlugin has a 'prefix' property. The stock
plugins which generate principal IDs (users or groups) prepend the
prefix to those IDs when returning them to callers. Before PAS 1.1b1,
those plugins were hardwired to use their own IDs (with an underscore
separateor) as the prefix; now, the user can change the prefix on a
per-plugin basis.
Tres.
- --
===================================================================
Tres Seaver +1 202-558-7113 tseaver at palladion.com
Palladion Software "Excellence by Design" http://palladion.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFDj14Z+gerLs4ltQ4RAkSeAJ4+BlD8sd/AFVKBXTfBo2888/n0VQCeOnlH
NkLURUuIzqH8tjCJfT6WthU=
=ihfy
-----END PGP SIGNATURE-----
More information about the Zope-PAS
mailing list