On Wed, Feb 01, 2006 at 05:09:58PM -0800, Dennis Allison wrote:
Just moved all our systems to ZSyncer 0.7.0 and have encountered a problem related to authentication.
In our past setup, using ZSyncer 0.5.1, we use the ability to specify a user:password to provide a single authorization mechanism that could be used by all of our developers.
Now we've stumbled onto the fact that ZSyncer 0.7.0 has eliminated the optin al user:password specification. Some of our users can use ZSyncer and others cannot. It's not clear what authorization is being used -- I suspect it is ownership, but I have not investigated.
By default, it's the currently logged in user. This requires that the same user/password exist on the destination Zope as well. If you don't want to do that, you can specify it in the destination URLs. This is described in a couple places in README.txt. Advantage of this compared to the old way: You can use different user/passwd on each of several destination servers. (This was a use case for the guy that made the change). Disadvantage: The password is in cleartext in the ZSyncer configuration page in the ZMI. If that's a problem, be careful who is allowed access to that page :-) I'm not crazy about the latter, but it gives the needed flexibility and I haven't had time to create a UI that doesn't show it in cleartext. If somebody comes up with patches I'll happily apply them. -- Paul Winkler http://www.slinkp.com