After the Seattle Plone Conf I had an idea how to implement a simple Pluggable Auth Service plugin to make authenticated RSS feeds accessible to desktop clients. The main problem with desktop RSS readers is that they need something like basic auth instead of a login form.

My first attempt was writing a challenger plugin which differentiated on user agent headers. This was not the most optimal sollution according to wiggy.

He advised me to create a protocol sniffer. So of I went and changed the plugin. It is now a proper protocol sniffer. This adds a protocol named Human Browser to the set of protocols. Using the challenger chooser you can set this protocol to use cookie auth. The normal browser protocol should then be set to http auth.

The plugin still uses the user agent header to detect if it is dealing with a human controlled browser. You can add browsers to this using a subscriber (look at detectors.py).

You can check out the code from the collective at /collective/PASPlugins/HumanBrowserPlugin/trunk.