Hi, I notised that the www.zope.org site uses the properties __ac_name and __ac_password for form-based userauthentication. After not finding anything like that in my Zope 2.0.1 installation I assumed its part of the Portal Toolkit Member function? Can anyone confirm that? And when may we see the Member function released? Best Regards, Johan Carlsson torped johan carlsson birkagatan 9 113 36 stockholm telefon 08-32 31 23 mobil 070-558 25 24 fax 08-32 89 47 johanc@torped.se
Johan, The variables/objects you name are used as part of the UserDB product, this product allows you to authenticate against a RDBMS instead of the user-folders as you normally would. It has a few more advantages such as cookie based authentication etc. HTH Phil phil@philh.org -----Original Message----- From: zope-admin@zope.org [mailto:zope-admin@zope.org]On Behalf Of Johan Carlsson Sent: Tuesday, October 12, 1999 11:34 AM To: zope@zope.org Subject: [Zope] __ac_name and __ac_password Hi, I notised that the www.zope.org site uses the properties __ac_name and __ac_password for form-based userauthentication. After not finding anything like that in my Zope 2.0.1 installation I assumed its part of the Portal Toolkit Member function? Can anyone confirm that? And when may we see the Member function released? Best Regards, Johan Carlsson torped johan carlsson birkagatan 9 113 36 stockholm telefon 08-32 31 23 mobil 070-558 25 24 fax 08-32 89 47 johanc@torped.se _______________________________________________ Zope maillist - Zope@zope.org http://www.zope.org/mailman/listinfo/zope (Related lists - please, no cross posts or HTML encoding! To receive general Zope announcements, see: http://www.zope.org/mailman/listinfo/zope-announce For developer-specific issues, zope-dev@zope.org - http://www.zope.org/mailman/listinfo/zope-dev )
On Tue, Oct 12, 1999 at 08:26:25AM +0100, Phil Harris wrote:
Johan,
The variables/objects you name are used as part of the UserDB product, this product allows you to authenticate against a RDBMS instead of the user-folders as you normally would.
It has a few more advantages such as cookie based authentication etc.
HTH
Phil phil@philh.org does anybody know any work around so that we can use UserDb in the root folder, replacing the user folder? tia
On Tue, Oct 12, 1999 at 04:09:45PM +0800, kedai wrote:
The variables/objects you name are used as part of the UserDB product, this product allows you to authenticate against a RDBMS instead of the user-folders as you normally would. It has a few more advantages such as cookie based authentication etc. HTH
Phil phil@philh.org
does anybody know any work around so that we can use UserDb in the root folder, replacing the user folder? tia
It can be done, you just have to be _very_ careful. There are a few mistakes to watch out for... Firstly do NOT delete your Users folder expecting to be able to install the new UserDb one. As soon as you delete the old one you no longer have management access (I think the superuser password still works at this point), but once you install the UserDb folder the superuser password _stops_ working and you no longer have permissions to do anything and it will kick you out. This happened to me and was quite annoying. (I had to mess around with the python code and pretty much comment out a lot of the security so I could get back in to my site to set up the UserDb properly...) So what you want to do is make a temporary folder, set your UserDb object up in there and make sure it is working _perfectly_, that it is looking at the right database, that you have users set up properly and that they have the right permissions (including you having management permissions.) Then you _copy_ that UserDb object and, immediately on deleting the Users folder in root, paste the already configured one in. At this point it will probably bring up the password window asking you to authenticate. If you are using Cookie-based authentication this password window NO LONGER WORKS, so cancel out of it. Go directly to the URL: domain.com:port/acl_users/docLogin and log in there. You HAVE to login this way from now on (if you are using cookie-based authentication), so you probably want to have a "Login" link on your front page that leads here. It's probably wise to back up your zope db before you do this just in case you make a mistake and can't get back in. If you do get locked out of your site you can try commenting out the first two lines of the validate method in UserDb.py: def validate(self,request,auth='',roles=None): # if self.cookie_mode: # return self.cookie_validate(request, auth, roles) return self.std_validate(request, auth, roles) This will disable cookie-based authentication and make the password window work off your UserDb database. This does not use the cookies properly though so you won't want to leave it like this. Use this to get back in and fix your site up properly. (This still requires you to have the proper users set up in your database, so if that is your problem you will need to get external access to your database and enter them manually.) -- Evan ~ThunderFoot~ Gibson ~ nihil mutatem, omni deletum ~ May the machines watch over you with loving grace.
participants (4)
-
Evan Gibson -
Johan Carlsson -
kedai -
Phil Harris