djb@redhat.com wrote:
Okay, I'm a Zope newbie. I installed it on my laptop to muck with it, and so far I'm impressed. But I'm having some trouble... I tried to create a new user and add that user to the "Manager" role. I then changed the permissions in the Security tab to let Manager have some privs to do things. The only problem is, no matter what I try, I can't log in as that user.
Did you add that user to the very top root folder 'acl_users' User folder? If you added the user to a folder *below* the root folder, then you can only log in at the same level as the user folder the user is defined in. This is a very important security feature.
I would have thought I could just pull up a browser on another machine somewhere, point it at my laptop, and log in. I can do this as the superuser, but not as the new user I created. Not at all. I don't see much in the docs about logging in as another user, either. Nor do I even see how to log *out* once you log in as the superuser (help?).
There is no concept of 'log out' with HTTP basic authentication. You log out when the server raises a 403 Unauthorized error. Or you can close the browser. You see, Zope challenges you on EVERY request you make, but web browsers are very nice (sometimes too nice) about caching the userid and password you used and using it all over the place to try and unlock any HTTP doors. Note this is very different from a cookie-based authentication which some types of Zope products do.

-Michel
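The scoping rule and the per-request check described in the reply above, as an added example that is not part of the original message and is not Zope's own code. It is a simplified model: the folder paths, users, passwords and function names are constructed for illustration.

```python
# Simplified model of user-folder scoping with HTTP basic auth (not Zope source).
# All paths, userids and passwords are constructed sample data.
import base64
import hmac

# Folder path -> users defined in that folder's acl_users: userid -> (password, roles)
USER_FOLDERS = {
    "/": {"superuser": ("rootpw", ["Manager"])},
    "/projects": {"newuser": ("s3cret", ["Manager"])},
}

def basic(userid, password):
    """Build the header value a browser re-sends with every request."""
    return "Basic " + base64.b64encode(f"{userid}:{password}".encode()).decode()

def parse_basic_auth(header):
    """Decode an Authorization header value into (userid, password), or None."""
    scheme, _, token = header.partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        decoded = base64.b64decode(token, validate=True).decode("utf-8")
    except ValueError:  # covers bad base64 and bad UTF-8
        return None
    userid, sep, password = decoded.partition(":")
    return (userid, password) if sep else None

def candidate_folders(path):
    """Yield the requested path, then each parent folder up to the root."""
    parts = [p for p in path.split("/") if p]
    for depth in range(len(parts), -1, -1):
        yield "/" + "/".join(parts[:depth])

def authenticate(path, header):
    """Run on every request; there is no session to end, hence no 'log out'.

    Returns (userid, roles, defining_folder), or None to send a challenge.
    """
    creds = parse_basic_auth(header or "")
    if creds is None:
        return None
    userid, password = creds
    # Only user folders at or above the requested object are consulted, so a
    # user defined in /projects is never found for a request made at the root.
    for folder in candidate_folders(path):
        record = USER_FOLDERS.get(folder, {}).get(userid)
        if record and hmac.compare_digest(record[0].encode(), password.encode()):
            return userid, record[1], folder
    return None
```

A user defined only in `/projects` authenticates for `/projects/report` but gets a challenge at `/`, while the root-level user is accepted at both.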