[Zope3-dev] Pluggable authentication id management
Jim Fulton
jim at zope.com
Mon Jul 31 10:37:43 EDT 2006
When I did the initial design for the pluggable-authentication
utility (PAU), I came up with a strategy for managing principal ids,
in retrospect, is overly complicated. This suspicion is supported by
the fact that I originally got the implementation of this wrong.
An authenticator plugin, among other things, manages principal ids.
Principal ids need to be unique system wide. In a misguided attempt
to make life easier for plugin authors, I decided that that the PAU
should have a prefix that it adds to principal ids.
This means that plugins that manage principal ids can't get at
principal ids without accessing their PAU, which further means that a
plugin can only be used with a single PAU.
I'd like to get rid of the PAU prefix and simply require that
authenticator plugins provide system-wide unique ids. This can be
done by providing suitable prefixes on each plugin.
I suggest that, for 3.4, we get rid of the PAU prefix option and
provide a generation evolution script that, for PAUs with non-empty
prefixes, just prepends their prefixes to their plugin prefixes and
clears their prefixes. I'm sorely tempted to do this for 3.3.
Thoughts?
Jim
--
Jim Fulton mailto:jim at zope.com Python Powered!
CTO (540) 361-1714 http://www.python.org
Zope Corporation http://www.zope.com http://www.zope.org
More information about the Zope3-dev
mailing list