[Zope3-Users] Re: NTLM credential plugin
Philipp von Weitershausen
philipp at weitershausen.de
Wed Sep 13 02:30:22 EDT 2006
Simon Hang wrote:
> I'm thinging to write a NTLM credential plugin for zope3. But as I know,
> ntlm use 4-way handshake procedure, that means it needs two round-trips
> between server(zope3) and client(browser).
> When I look in the credential plugins, it has challenge mothed. But
> seems it is only design for 1 round-trip protocol. It can issue one
> challenge, and return to parent script.
I don't see how the PAU only allows one "round-trip". The PAU will use
the credentials-plugin to challenge the user when an Unauthorized
1. The first time your challenge method is called, you set the
WWW-Authenticate: NTLM header (like the HTTP Basic Auth plug-in sets the
WWW-Authenticate: Basic header).
2. Then the client sends the type 1 message which you extract in
extractCredentials and raise Unauthorized *again*.
3. THat means your challenge method is called *again*. That time you'll
se tthe WWW-Authenticate header with the type 2 message.
4. Then the client sends the type 3 message back which you'll extract in
More information about the Zope3-users