On Tuesday 20 February 2001 16:32, you wrote:
Hi
We were asked to install a Zope server over Windows NT. Problem is - the users registered on the NT network (classic domain, not Active Directory) must be able to authenticate on the Zope server.
I came across a couple products (jcNTUserFolder, NTUserFolder and smb User Folder) to do that and would like some opinions on them. Any experiences?
Well, there *is* one thing I'd like to mention: Authenticating against NT is basically the same as authenticating against a UNIX password file. The Apache docs warn against it for a good reason: The HTTP password travels the net unencrypted. This means, your NT domain user passwords are traveling through your Intranet or even the Internet in the clear. If you want to do it, I'd strongly suggest putting your Zope behind Apache with SSL, and prohibiting direct (HTTP, not HTTPS) access. Just my $0.02. Jan