WebServerAuth aims to replace apachepas and AutoMemberMaker

The first beta of WebServerAuth is out! Go get your copy and commence abuse. File those bug reports! I want to fix your problems so our hosting service, coming up in a week or two, won’t have them.

WebServerWhaaa?

WebServerAuth is a plugin which lets Plone delegate authentication concerns to a web server like Apache or IIS. Using WebServerAuth, Plone can be configured so any user known to your LDAP, Kerberos, Shibboleth, or Pubcookie system—or any other system for which your web server has an authentication module—can transparently log in using enterprise-wide credentials. WebServerAuth is intended to replace and improve upon apachepas and AutoMemberMakerPasPlugin, which come significantly and entirely, respectively, from yours truly.

Improvements over apachepas and AutoMemberMakerPasPlugin

• When an anonymous user tries to access something unpermitted, we redirect him to the HTTPS side, which triggers a proper login prompt. There are no more nonworking login forms popping up as in the old products.
• No longer does every user who has ever logged in clutter up your Users and Groups control panel.
• Doesn't grant all logged-in users the Member role. This means site admins can opt to allow authentication of all users without giving them any privileges. (Some default Plone workflows grant privileges to Member.)
• Twiddles Plone's login link as necessary, reducing the need for manual configuration
• Jettisons a lot of legacy code and requirements
• Increases test coverage and does away with doctests
• Is unapologetically a Plone product: gone are the architectural compromises needed to support plain Zope use. This is why we can have one product instead of two.

Please give it a try, then hop on our IRC channel and let me know how it went!