[Zope-PAS] Lack of user enumeration a problem
Behrens Matt - Grand Rapids
Matt.Behrens at Kohler.Com
Mon Aug 11 15:59:25 EDT 2008
I've been playing with making an extraction/authentication plugin that
takes a cryptographically signed cookie (shared secret and a SHA hash,
for the curious) from an external script, with username and expiry
derived from the cookie. Basically, I'm trusting the external script
has authenticated the user in the cookie up until the expiry time ticks
over. That part works.

What I'm missing is the ability to manage groups and roles with ZODB
managers of each.

If I hit the assignments link for either I have no available users.
Since I can't actually enumerate my users in the scenario I'm looking
at, am I looking at patching/subclassing both managers to accept
arbitrary principal IDs? Or is there a better way?
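
The signed-cookie check described in the message, as an added example that is not part of the original post or of PAS: it assumes HMAC-SHA256 as the concrete "shared secret and a SHA hash" construction and a `username|expiry|mac` cookie layout. The names `sign_cookie`, `verify_cookie` and `SHARED_SECRET` are hypothetical, and no PAS plugin interface is shown.

```python
import hashlib
import hmac
import time

# Constructed demo secret (assumption); a real deployment loads it from
# protected configuration shared with the external login script.
SHARED_SECRET = b"constructed-demo-secret"


def _mac(payload, secret):
    # HMAC is assumed here; unlike a bare SHA(secret + data) it is not
    # open to length-extension forgeries.
    return hmac.new(secret, payload.encode("utf-8"), hashlib.sha256).hexdigest()


def sign_cookie(username, expires, secret=SHARED_SECRET):
    """What the external script would emit: 'username|expiry|hexmac'."""
    if not username or "|" in username:
        raise ValueError("username must be non-empty and free of '|'")
    payload = "%s|%d" % (username, expires)
    return payload + "|" + _mac(payload, secret)


def verify_cookie(cookie, now=None, secret=SHARED_SECRET):
    """Return the username if the cookie is authentic and unexpired, else None."""
    now = time.time() if now is None else now
    parts = cookie.split("|")
    if len(parts) != 3:
        return None
    username, expires_text, mac = parts
    expected = _mac("%s|%s" % (username, expires_text), secret)
    # Verify the MAC before trusting any field; compare in constant time.
    if not hmac.compare_digest(expected.encode("ascii"), mac.encode("utf-8")):
        return None
    try:
        expires = int(expires_text)
    except ValueError:
        return None
    if expires <= now:
        return None  # the expiry time has ticked over
    return username or None
```

An extraction/authentication plugin would call `verify_cookie` on the request cookie and treat `None` as "no credentials", so a tampered username or a stretched expiry fails the same way as a missing cookie.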