PAS reference manual

This reference manual documents the Pluggable Authentication Service (PAS), which is used by Plone 2.5 and later for user management. This manual is aimed towards administrators who need to configure user management in a Plone site and towards developers who are interested in PAS plugins.

  1. Introduction
  2. Using PAS
    1. Features and interfaces
    2. The important interfaces
    3. Configuring PAS
    4. Configuring an individual PAS plugin
  3. Developing for PAS
    1. Concepts
    2. The user object
      1. The user object
      2. User creation
      3. User factory plugin
      4. Properties plugins
      5. Group plugins
      6. Roles plugin
    3. Authorisation process
      1. Authorisation algorithm
      2. Credential extraction
      3. Credential authentication
      4. Challenges
    4. Caveats
      1. PAS eats exceptions

All content on one page (useful for printing, presentation mode etc.)

Great start, but...

Posted by Stan McFarland at Apr 03, 2007 04:22 PM
Wichert, this is a great start, but there a couple of basic things missing that I hope you could add. For instance, if I want to write my own extraction plugin, where does it go, and how to you get the ZMI to see it? I wrote a simple plugin and placed it in the Products/PluggableAuthService/plugins directory, restarted my server, but the module doesn't appear in the list of Extraction plugins, and it also doesn't appear to have even been compiled. Am I missing something?

Missing essentials

Posted by Wichert Akkerman at Apr 03, 2007 08:25 PM
What you are missing is the fact that a PAS plugin is a normal Zope object, so all the usual Zope magic is needed: creating an object factory, ZMI add form, registering the content type, etc.

I'll try to work that into the next revision of the manual.

Thanks, Wichert.

Posted by Stan McFarland at Apr 04, 2007 01:47 PM
I installed the GMailAuthentication Plugin - as advertised, it serves as a nice skeleton.

Example plugins

Posted by Wichert Akkerman at Apr 04, 2007 01:51 PM
In terms of example plugins the NoGoChallenger (also on plone.org/products) is an even simpler example / skeleton.

Great work

Posted by Gilles Lenfant at Apr 30, 2007 02:12 PM
I would add that caching PAS and/or plugins with a RAM cache is essential on production sites, where properties and role plugins are frequently executed.

Of course do not activate this cache unless your PlonePAS customisation is tested.