- Authentication problems when on webhost?
I haven't installed Zope yet. I have been reading the documentation and posts here. There have been a couple of posts by Michael Grinder which have not been answered and concern me. Maybe they have not been answered because there isn't a good solution. If that is the case I prefer to know.
For those of us who have to use a webhosting service we are at the mercy of what they (the webhost) will permit and what is required configuration wise by Zope.
Are there any options for configuring for Authorization that can be done by those of us who use a webhosting service?
Any help appreciated. Thanks.
Jimmie Houchin
Michael's messages below.
First Message:
Date: 7 Dec 1998 00:59:18 -0000
From: "Michael Grinder" <grinder@cs.montana.edu>
Subject: [Zope] - Need Help -- Zope & Apache
Hi. I'm trying to get Zope running with Apache on my machine at home. I would like to evaluate it for some web projects I'm working on. If I decide to use it, it will be running on my web hosting service where I won't have root access.
I was able to get everything running fine on the Zope http server, but getting it to run on Apache has proved to be challenging. Actually, it runs fine except for authentication. I set things up exactly as described in doc/INSTALL.txt, but I keep getting this message:
<snip error message>
Apparently I am not setting up the URL rewriting properly. If, for example, Zope.cgi is in /home/grinder/public_html (~grinder/Zope.cgi) and the Zope installation is in /home/grinder/Zope, how would one make the rewriting for authentication work properly?
If I were to deploy Zope on my webhosting service I would only have user access so I won't be able to modify apache config files, etc. How would one go about setting up Zope without root access?
Second Message:
Date: 8 Dec 1998 18:08:21 -0000
From: "Michael Grinder" <grinder@cs.montana.edu>
Subject: [Zope] - Rewrite rules somewhere besides httpd.conf?
Can the Apache rewrite rules be put in a file other than httpd.conf? For example, could they be put in a file local to the Zope directories such as a .htaccess file?
At 01:54 PM 12/8/98 -0600, Jimmie Houchin wrote:
I haven't installed Zope yet. I have been reading the documentation and posts here. There have been a couple of posts by Michael Grinder which have not been answered and concern me. Maybe they have not been answered because there isn't a good solution. If that is the case I prefer to know.
For those of us who have to use a webhosting service we are at the mercy of what they (the webhost) will permit and what is required configuration wise by Zope.
Are there any options for configuring for Authorization that can be done by those of us who use a webhosting service?
There are several ISPs whose servers support HTTP_AUTHORIZATION, including Hiway, RapidSite, and a number of regional telcos who outsource their hosting through Hiway/RapidSite. Hiway and RapidSite run an Apache variant known as "RapidSite/Apa-1.2" which was patched to pass through the HTTP_AUTHORIZATION environment variable to CGI scripts. In their CGI environments, all scripts run as the Unix user ID of the customer, so there are no security issues with making HTTP_AUTHORIZATION available. This means that ZOPE should run virtually out of the box on a Hiway or RapidSite host.
A couple of points to mention, though... Hiway does not allow you to run your own servers, so ZopeHTTPServer is absolutely out. Since Hiway servers are also periodically rebooted for various kinds of maintenance, you cannot rely on such a process staying up indefinitely anyway. This also means you need to be sure if you're using an LRP that it can auto-start from the web.
I know all this stuff because I work for Hiway/RapidSite and have implemented ZPublisher-based internal applications there. I've switched away from using my work e-mail address on the list, however, because I don't want anything I say to be misconstrued as official statements on the part of the company.
Jimmie Houchin wrote:
I haven't installed Zope yet. I have been reading the documentation and posts here. There have been a couple of posts by Michael Grinder which have not been answered and concern me. Maybe they have not been answered because there isn't a good solution. If that is the case I prefer to know.
If you've noticed the Zope traffic, I hope you can appreciate that it might take a while to get to everyone's questions.
For those of us who have to use a webhosting service we are at the mercy of what they (the webhost) will permit and what is required configuration wise by Zope.
Are there any options for configuring for Authorization that can be done by those of us who use a webhosting service?
Unfortunately, most web servers make it hard for web applications to do authentication. We worked out a way to trick Apache into doing it that worked with some versions of Apache and not others. It hasn't helped that the key piece, mod_rewrite has changed quite a bit from rev to rev. :( I think a number of people are working on trying to give helpful advice.
Keep in mind, however, that Zope does provide support for letting an HTTP server do authentication and letting Zope do authorization. You have to get the web server administrator to set up the user ids and passwords for you and to set a couple of script aliases. Then Zope uses the REMOTE_USER information passed from the web server. This is described in the Bobo documentation, which is being converted to Zope documentation and was also described on Bobo list.
Jim
--
Jim Fulton mailto:jim@digicool.com
Technical Director (540) 371-6909 Python Powered!
Digital Creations http://www.digicool.com http://www.python.org
Under US Code Title 47, Sec.227(b)(1)(C), Sec.227(a)(2)(B) This email address may not be added to any commercial mail list without my permission. Violation of my privacy with advertising or SPAM will result in a suit for a MINIMUM of $500 damages/incident, $1500 for repeats.
Jimmie Houchin wrote:
I haven't installed Zope yet. I have been reading the documentation and posts here. There have been a couple of posts by Michael Grinder which have not been answered and concern me. Maybe they have not been answered because there isn't a good solution. If that is the case I prefer to know.
If you've noticed the Zope traffic, I hope you can appreciate that it might take a while to get to everyone's questions.
Understood. And I think that it is wonderful. The Zope list is now full of life. :) In rereading my statements, maybe I phrased my above statements poorly. I didn't mean to imply that the lack of answers concerns me, but that the question (because of similar situations) and therefore what the answer would be, concerns me. I was not trying to be harsh to the list, but may have come across as such. If so, my apologies.
For those of us who have to use a webhosting service we are at the mercy of what they (the webhost) will permit and what is required configuration wise by Zope.
Are there any options for configuring for Authorization that can be done by those of us who use a webhosting service?
Unfortunately, most web servers make it hard for web applications to do authentication. We worked out a way to trick Apache into doing it that worked with some versions of Apache and not others. It hasn't helped that the key piece, mod_rewrite has changed quite a bit from rev to rev. :( I think a number of people are working on trying to give helpful advice.
Keep in mind, however, that Zope does provide support for letting an HTTP server do authentication and letting Zope do authorization. You have to get the web server administrator to set up the user ids and passwords for you and to set a couple of script aliases. Then Zope uses the REMOTE_USER information passed from the web server. This is described in the Bobo documentation, which is being converted to Zope documentation and was also described on Bobo list.
I hope that the Apache my webhost uses, 1.2.6 on RH 4.2 is one that is cooperative or that my webhost has already configured it for providing Authentication. :)
I thank all here who provide assistance. For much of this is beyond my current scope of understanding.
Thanks again.
Jimmie Houchin
Jimmie Houchin wrote:
(snip)
I hope that the Apache my webhost uses, 1.2.6 on RH 4.2 is one that is cooperative
Probably not.
or that my webhost has already configured it for providing Authentication. :)
Actually, you can probably define users via an .htaccess file. When you're ready, look at the Apache docs.
I thank all here who provide assistance. For much of this is beyond my current scope of understanding.
Yeah, this is a lot harder than it should be.
Jim
--
Jim Fulton mailto:jim@digicool.com
Technical Director (540) 371-6909 Python Powered!
Digital Creations http://www.digicool.com http://www.python.org
Under US Code Title 47, Sec.227(b)(1)(C), Sec.227(a)(2)(B) This email address may not be added to any commercial mail list without my permission. Violation of my privacy with advertising or SPAM will result in a suit for a MINIMUM of $500 damages/incident, $1500 for repeats.
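An added example, not part of the thread and not Zope's own code, of the two arrangements discussed above: the server authenticates and hands the CGI script REMOTE_USER, or the server passes HTTP_AUTHORIZATION through and the application checks the password itself. The function names and the `SAMPLE_USERS` table are hypothetical, and the account in it is constructed.

```python
import base64
import binascii
import hmac

# Constructed sample account (hypothetical); a real application stores hashes.
SAMPLE_USERS = {"jimmie": "s3cret-example"}

def credentials_from_cgi(environ):
    """Classify how the web server exposed the login to a CGI script.

    Returns (mode, user, password); mode is 'server-auth', 'app-auth',
    'none' or 'malformed'.
    """
    # The server sets REMOTE_USER only after checking the password itself.
    # Client headers arrive as HTTP_* variables, so a request cannot set it.
    user = environ.get("REMOTE_USER")
    if user:
        return ("server-auth", user, None)
    header = environ.get("HTTP_AUTHORIZATION")
    if not header:
        # Stock Apache withholds the Authorization header from CGI scripts.
        return ("none", None, None)
    scheme, _, blob = header.strip().partition(" ")
    if scheme.lower() != "basic":
        return ("malformed", None, None)
    try:
        decoded = base64.b64decode(blob.strip(), validate=True).decode("utf-8")
    except (binascii.Error, ValueError):
        return ("malformed", None, None)
    name, sep, password = decoded.partition(":")
    if not sep or not name:
        return ("malformed", None, None)
    return ("app-auth", name, password)

def authenticate(environ, users=SAMPLE_USERS):
    """Return the authenticated user name, or None if a 401 is due."""
    mode, user, password = credentials_from_cgi(environ)
    if mode == "server-auth":
        return user  # authentication was already done by the server
    if mode == "app-auth":
        expected = users.get(user)
        # Constant-time comparison of the supplied and stored password.
        if expected is not None and hmac.compare_digest(
                expected.encode(), password.encode()):
            return user
    return None
```

A result of `'none'` on a request that did send credentials means the host neither authenticates nor forwards the header, which is the situation Michael's rewrite rules were meant to work around.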
participants (3)
- Jim Fulton
- Jimmie Houchin
- Phillip J. Eby