Okay, I'm a Zope newbie. I installed it on my laptop to muck with it, and so far I'm impressed. But I'm having some trouble...I tried to create a new user and add that user to the "Manager" role. I then changed the permissions in the Security tab to let Manager have some privs to do things. The only problem is, no matter what I try, I can't log in as that user.

I would have thought I could just pull up a browser on another machine somewhere, point it at my laptop, and log in. I can do this as the superuser, but not as the new user I created. Not at all. I don't see much in the docs about logging in as another user, either. Nor do I even see how to log *out* once you log in as the superuser (help?).

All this is using the 1.10 RPMs linked from zope.org, as well as the zserver instead of running with apache.

Help?

--Donnie
djb@redhat.com wrote:
> Okay, I'm a Zope newbie. I installed it on my laptop to muck with it, and so far I'm impressed. But I'm having some trouble...I tried to create a new user and add that user to the "Manager" role. I then changed the permissions in the Security tab to let Manager have some privs to do things. The only problem is, no matter what I try, I can't log in as that user.
Did you add that user to the very top root folder 'acl_users' User folder? If you added the user to a folder *below* the root folder, then you can only log in at the same level as the user folder the user is defined in. This is a very important security feature.
> I would have thought I could just pull up a browser on another machine somewhere, point it at my laptop, and log in. I can do this as the superuser, but not as the new user I created. Not at all. I don't see much in the docs about logging in as another user, either. Nor do I even see how to log *out* once you log in as the superuser (help?).
There is no concept of 'log out' with HTTP basic authentication. You log out when the server raises a 403 Unauthorized error. Or you can close the browser. You see, Zope challenges you on EVERY request you make, but web browsers are very nice (sometimes too nice) about caching the userid and password you used and using it all over the place to try and unlock any HTTP doors. Note this is very different from a cookie-based authentication which some types of Zope products do.

-Michel
>> Okay, I'm a Zope newbie. I installed it on my laptop to muck with it, and so far I'm impressed. But I'm having some trouble...I tried to create a new user and add that user to the "Manager" role. I then changed the permissions in the Security tab to let Manager have some privs to do things. The only problem is, no matter what I try, I can't log in as that user.
> Did you add that user to the very top root folder 'acl_users' User folder? If you added the user to a folder *below* the root folder, then you can only log in at the same level as the user folder the user is defined in. This is a very important security feature.
Yes, I added the user at the very top level. They have "manager" as a role. I've tried leaving Domains empty, adding "*", and adding "*.redhat.com", all without success.

I also tried creating a folder and then adding a user there. No dice. I presume that I *should* be able to create a folder called "junk", then create a user in that folder with proper privs, then log in to that folder with something like:

http://localhost:9673/junk/manage

Right? It seems to want to do this, but all authentication attempts as anyone other than superuser fail.
>> I would have thought I could just pull up a browser on another machine somewhere, point it at my laptop, and log in. I can do this as the superuser, but not as the new user I created. Not at all. I don't see much in the docs about logging in as another user, either. Nor do I even see how to log *out* once you log in as the superuser (help?).
> There is no concept of 'log out' with HTTP basic authentication. You log out when the server raises a 403 Unauthorized error. Or you can close the browser. You see, Zope challenges you on EVERY request you make, but web browsers are very nice (sometimes too nice) about caching the userid and password you used and using it all over the place to try and unlock any HTTP doors. Note this is very different from a cookie-based authentication which some types of Zope products do.
Ahh, I see. Any chance cookie authentication is going to be added to the base Zope as an option? Are those "add on products" free as well? If so, where would one find them?

Oh, one more thing...kudos to the team that built this stuff. It really is neat.

--Donnie

--
Donnie Barnes http://www.donniebarnes.com djb@donniebarnes.com "Bah."
Challenge Diversity. Ignore People. Live Life. Use Linux.
879. V. Bats, when dipped in batter and deep fried, still taste pretty bad.
djb@redhat.com wrote:
>> Did you add that user to the very top root folder 'acl_users' User folder? If you added the user to a folder *below* the root folder, then you can only log in at the same level as the user folder the user is defined in. This is a very important security feature.
> Yes, I added the user at the very top level. They have "manager" as a role. I've tried leaving Domains empty, adding "*", and adding "*.redhat.com", all without success.

Hmm. Something's not configured right; you're the only one out of a thousand or so who have this particular problem. Are you using Apache with a rewrite rule? That might be the problem. I can assume you're running this on RedHat? Well, that's the platform we develop against.

> I also tried creating a folder and then adding a user there. No dice. I presume that I *should* be able to create a folder called "junk", then create a user in that folder with proper privs, then log in to that folder with something like:
> http://localhost:9673/junk/manage
> Right? It seems to want to do this, but all authentication attempts as anyone other than superuser fail.
Send the complete HTML source of the error message.
> Ahh, I see. Any chance cookie authentication is going to be added to the base Zope as an option?
If someone writes it, or pays us to write it. It's really quite trivial. The yet to be released Zope Portal Toolkit uses cookies because they handle session concepts better.
> Are those "add on products" free as well? If so, where would one find them?
UserDB, which stores users in relational databases, works with HTTP Basic and cookie. It's free and available on the website. There are a few other cookie oriented products like cookie cutter.

-Michel
hello,

as dumb as this sounds did you click on the role manage? when i first fooled around with zope i thought that since there was only one role defined (manager) it would use that as default. but i was wrong. you have to select (manager) before you click the add button. otherwise the user is added but has no role.

regards, webman

---------------------------------------------------------------------------
webman                | ASCII ribbon campaign
beehive GmbH          | - against HTML email
berlin, Germany       | & vcards
http://www.beehive.de |
Oh damn. I found it.

You have to *click* the Role to select it and click "Change". I thought it just defaulted to letting you add the Manager role.

Chalk this one up to me not understanding that part of the UI. I guess if I had added another damned role first I would have understood that. Having only one in the list didn't do much for me in terms of understanding.

Oh well, my fault.

--Donnie

--
Donnie Barnes http://www.donniebarnes.com djb@donniebarnes.com "Bah."
Challenge Diversity. Ignore People. Live Life. Use Linux.
879. V. Bats, when dipped in batter and deep fried, still taste pretty bad.
On Fri, Jul 30, 1999 at 08:21:09PM -0400, djb@redhat.com wrote:
> Oh damn. I found it.
> You have to *click* the Role to select it and click "Change". I thought it just defaulted to letting you add the Manager role.
> Chalk this one up to me not understanding that part of the UI. I guess if I had added another damned role first I would have understood that. Having only one in the list didn't do much for me in terms of understanding.
> Oh well, my fault.
If you scanned through the old archives of this list, you'd find that my first two posts were exactly this problem. I agree, that bit of UI is not particularly obvious. Welcome to the ZopeClub!

Ross

--
Ross J. Reedstrom, Ph.D., <reedstrm@rice.edu>
NSBRI Research Scientist/Programmer
Computer and Information Technology Institute
Rice University, 6100 S. Main St., Houston, TX 77005
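
The two behaviours this thread turned on (a user folder only applies at or below the folder that holds it, and a user saved without a selected role passes the password check but is still refused), as an added example that is not part of any post and is not Zope's own code. It is a simplified model; `ACL_USERS`, `REQUIRED_ROLE`, the user names and the passwords are constructed for illustration.

```python
import base64
import hmac

# Constructed sample site: folder path -> acl_users {name: (password, roles)}.
# Plaintext passwords only keep the sample short.
ACL_USERS = {
    "/": {"alice": ("a-pass", ("Manager",)),
          "donnie": ("d-pass", ())},          # added without selecting a role
    "/junk": {"bob": ("b-pass", ("Manager",))},
}
REQUIRED_ROLE = "Manager"  # assumed role guarding the manage screens


def basic(name, password):
    """Build the header a browser resends on every request once it has credentials."""
    return "Basic " + base64.b64encode(f"{name}:{password}".encode()).decode()


def parse_basic(header):
    """Decode a Basic Authorization header into (name, password), or None."""
    scheme, _, blob = header.partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        decoded = base64.b64decode(blob, validate=True).decode("utf-8")
    except ValueError:                        # bad base64 or bad UTF-8
        return None
    name, sep, password = decoded.partition(":")
    return (name, password) if sep else None


def folders_upward(path):
    """Yield the requested path, then each parent folder up to the root."""
    parts = [p for p in path.split("/") if p]
    for depth in range(len(parts), -1, -1):
        yield "/" + "/".join(parts[:depth])


def authorize(path, auth_header=None):
    """Check one request; nothing is remembered between requests."""
    creds = parse_basic(auth_header) if auth_header else None
    if creds is None:
        return 401, None                      # challenge, browser prompts
    name, password = creds
    for folder in folders_upward(path):
        entry = ACL_USERS.get(folder, {}).get(name)
        if (entry and hmac.compare_digest(entry[0].encode(), password.encode())
                and REQUIRED_ROLE in entry[1]):
            return 200, name
    return 401, None  # unknown at this level, wrong password, or no role
```

In this model `donnie` is challenged again even with the right password, which from the browser looks the same as a failed login.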