Dieter Maurer wrote:
zope-mailinglist writes:
the apache server authenticates succesfully and in the z2.log file i see that the remote_user variable is passed over, but zope always wants to switch back to normal user authentication and wants credentials. (btw. the user is existent in the root user folder)
is it possible, that this is a proxy problem, do i need to pass additional information? I think it is possible.
You need to put Zope in "_remote_user_mode". Look at "AccessControl/User" for how to do that...
Dieter
thanks for your reply sorry, forgot to state that zope already runs in _remote_user_mode the problem seems to be that zope looks in request.environ['REMOTE_USER'] which is not present in the zope process, only in the apache process -- seems that remote_user_mode is only for cgi mode, where apache passes its environment variables to the cgi. i found out that i need request._auth this is the base64 encoded user:pw string i tried it out by changing the source of User.py like this: replace: name = request.environ.get('REMOTE_USER', None) with: name = self.identify(request._auth)[0] ... and it works, but that can only be a temporary solution. the problem is that if i do this, users can easily be faked by just using another apache proxy which authenticates users with the same name. therefore a domain restriction needs to be applied. maybe this is a new feature for zope such as "proxy_authentication_mode". i think i have to subclass UserFolder and User and then provide the apropriate validate method is there another solution? tia, bernd