UserName automated authentication

Mike Bunyan mrbun at bigfoot.com
Sat Feb 17 12:00:34 CET 2001


I am experimenting with Zope to provide an intranet for 100 or so
people. Looking at achieving an automated (no brainer) authentication
procedure which runs when users access zope through their browser. The
network is NetWare, but I am not allowed to use python NetWare
modules, the users have WinNT4sp5 and MSIE5.5. NT authentication is
not available.
The idea is to use a python script (or sniffer) to get UserName and
authenticate this against a permissions table in mysql or gadfly. The
user does not have to complete any login and cookies would persist for
session.

I am puzzled by the behaviour of each of the following calls:
A = os.system('echo %username%')
B = win32api.GetUserName()
C = os.environ['USERNAME']

My innocence suggests that each should provide the same information.
Called from DOS or python gui the results are as expected except that
A produces:
>>>FBASSET
0
and I can only get 0 as a result and not catch the username.

When any of the above are called through an external zope procedure:
A = 0
B = 'system'
C fails because 'username' does not exist.

The way I read this is that the client workstation does not allow or
reveal 'secure' information through the browser.

Any ideas how to solve this problem, including alternative approaches
are welcome, and some illumination on what is actually happening will
be appreciated.

Mike B
___________________
mrbun at bigfoot.com



More information about the Python-list mailing list