How to use Pluggable Auth Service

I want to set up "Pluggable Auth Service" in my site, but I don't know how.
in my site, I create a folder for a user, this folder has the login and password properties. I would like my user list to be fed by the login / pass contained in these files.
Can you help me get started with Pluggable Auth Service.
Sorry for my English, it's not very good
Thanks for your help

In Zope, everything releated with authentication and authorization is handled by a so called "user folder" with the typical id acl_users.

Zope already comes with a top level acl_users which is not a PAS (= Pluggable Auth Service) user folder. This complicates matter a bit. Likely the easiest way is to create a new folder and put an PAS user folder therein. Once this is completely set up, a script (or interactive session) can be used to delete the top level acl_users and move the PAS acl_users to the top level.

Once a PAS user folder is created, it can be populated with PAS plugins. To become used, a plugin must have been created and activated (for one or several interfaces; those interfaces correspond to authentication/authorization subtask - such as extraction, authentication, roles, ...). One of the available plugins is called "User Source" (or similarly spelled): its task is to store users (more precisely, "login name" and associated password). In this plugin, you create your users. It is usually activated for the authentication interface. You will need further plugins, e.g. to associated roles, extract authentication information from the request and to challenge for authentication information. The latter two tasks are typically fulfilled by the "cookie auth helper" plugin. Look at the names of the available plugins; tentatively create plugins which seem to be promizing and look which interfaces they support in principle (the available interfaces are documented in plugins/interfaces). If a plugin has a promising interface, explore its tabs to learn how to provide data for it. Come back should you have concrete questions.

1 Like

Thank you for these first explanations
I will move on and come back if I have specific questions
See you soon

I am also interested in this topic because I may have to implement a TOTP plugin using PyOTP with a per user secret.

if youre interested in writing plugins and in need of example code, look for the pas.plugins.* namespace either at PyPI or at

Plone Foundation Code of Conduct