I have painted myself into a nifty corner.
My client's site is protected at the root by an acl folder. Those who are not in the acl folder have view privileges only. This works fine.
I just added a new feature to my client's site. He wants this capability available to anyone to whom he gives a specific password. I wrote a Python script that generates the password and a page for my client to auto-generate a new random password and to see what the current password is. This works fine as well.
The problem is, since I'm not even asking people for a user name here, only a password, and since the site is protected from access via the acl folder, his clients can't get past the password screen because the acl logic presents a challenge for a user name and password which, of course, these folks don't have.
It occurred to me at one point that I could define an acl user called, e.g., "client" and then perhaps revise the Python script so that instead of storing the newly generated password in a DTML document, it would update the password property for that user in the acl folder. But it wasn't very obvious to me how to do that. And while I don't *mind* having them have to type in a generic user name, it's more elegant if they don't have to do so.
What's the easiest way to address this issue? I looked through a year's worth of email digests and I searched zope.org, but I couldn't find an answer.
Thanks.
Hi Dan,
how about making your "magic" password split say on the first 5 characters (internally) and use it for user-id and the remaining part as password?
Regards
Tino
--On Montag, 25. November 2002 11:10 -0800 Dan Shafer <dan@danshafer.com> wrote:
_______________________________________________ Zope maillist - Zope@zope.org http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
Tino....
Interesting idea. I'm not sure it would work here because I'm generating these 8-character random passwords and there will not be a user named after the first five characters. At least not without what feels like a lot of additional scripting to create new bogus users with three-letter passwords.
Or am I missing something?
On Monday, November 25, 2002, at 11:58 AM, Tino Wildenhain wrote:
Hi Dan,
--On Montag, 25. November 2002 12:28 -0800 Dan Shafer <dan@danshafer.com> wrote:
> Tino....
> Interesting idea. I'm not sure it would work here because I'm generating these 8-character random passwords and there will not be a user named after the first five characters. At least not without what feels like a lot of additional scripting to create new bogus users with three-letter passwords.
Why bogus? Just use scripting ;)
user=pseudopwd[:5]
password=pseudopwd[5:]
READY.
Regards
Tino :-)
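Tino's split suggestion, sketched in plain Python as an added example (not code from the thread and not Zope API): the visitor types one token, its first five characters act as the user id and the rest as the password. The `user_db` dict standing in for the user folder, the function names, and the 16-character secret part (the thread's 8-character password would leave only three) are assumptions.

```python
import hashlib
import hmac
import secrets
import string

ALPHABET = string.ascii_lowercase + string.digits
ID_LEN = 5        # split point from the thread: token[:5] is the user id
SECRET_LEN = 16   # assumption: longer secret part than the thread's 3 characters


def _hash(password, salt):
    # Salted, slow hash so the stored record does not reveal the password.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


# Record used for unknown user ids, so a miss costs the same work as a hit.
_DUMMY_SALT = b"\0" * 16
_DUMMY = (_DUMMY_SALT, _hash("", _DUMMY_SALT))


def issue_token(user_db):
    """Create a token; store only the user id and a salted hash of the rest."""
    token = "".join(secrets.choice(ALPHABET) for _ in range(ID_LEN + SECRET_LEN))
    user_id, password = token[:ID_LEN], token[ID_LEN:]
    salt = secrets.token_bytes(16)
    user_db[user_id] = (salt, _hash(password, salt))
    return token


def check_token(user_db, submitted):
    """Split what the visitor typed, as in the thread, and verify it."""
    if len(submitted) != ID_LEN + SECRET_LEN:
        return False
    user_id, password = submitted[:ID_LEN], submitted[ID_LEN:]
    salt, expected = user_db.get(user_id, _DUMMY)
    matches = hmac.compare_digest(_hash(password, salt), expected)
    return matches and user_id in user_db


def rotate(user_db):
    """The 'generate a new password' page: the old token stops working."""
    user_db.clear()
    return issue_token(user_db)
```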
Dan Shafer writes:
> ... password only authentication ...
> The problem is, since I'm not even asking people for a user name here, only a password, and since the site is protected from access via the acl folder, his clients can't get past the password screen because the acl logic presents a challenge for a user name and password which, of course, these folks don't have.
You may check whether Zope (and browsers) accepts an empty username.
With HTTP basic authentication, you will have the browser login dialog (with its two entries). You are more flexible with cookie-based authentication.
Dieter