[Zope-CMF] Private CMF site

[Greg Ward]

I'm trying to make a private CMF site, ie. you must be authenticated to
access any content (apart from /portal/login_form, of course).  Also,
the site will be read-only to most visitors -- only a few privileged
content managers will be able to add/modify content.

So I went to the "Security" tab under /portal and did the following:

  * disable "Acquire permission settings" for all permissions

  * ensure that role "Anonymous" has no permissions

  * ensure that role "Authenticated" has only a few permissions,
    specifically:
       Access contents information    (?? what's this for ??)
       View
       View History
       query                          (?? what's this for ??)

  * ensure that the role "Manager" has all permissions

Now it's impossible to access the site due to a redirect loop:
  GET /portal/
redirects to
      /portal/login_form?came_from=http%3A//localhost/portal/index_html&retry=

and
  GET /portal/login_form?came_from=http%3A//localhost/portal/index_html&retry=
redirects to
      /portal/login_form?came_from=http%3A//localhost/portal/index_html&retry=

...and 'round and 'round we go.  Argggh.  I've set
EVENT_LOG_SEVERITY=-300 and run "start -D" for maximal logging, but
there's nothing showing up in the log output.  Not a sausage.  Bugger
all.

Any tips on how to diagnose and/or fix the redirect loop?  Or is there a
better/easier/simpler/cleaner/working way to make a CMF site private
that doesn't involve mass permission twiddling?

Thanks --

        Greg
-- 
Greg Ward <gward@python.net>                         http://www.gerg.ca/
Pointers are Arrays; Code is Data; Time is Money