[Zope-dev] Re: [Zope-Annce] jcNTUserFolder 0.2.1 released

Jephte CLAIN Jephte.Clain@univ-reunion.fr
Tue, 04 Dec 2001 10:51:05 +0400


"Jay, Dylan" wrote:
> One way is to not replicate the challenge-response functionatlity at all.
this is the solution i have opted for. it has run now for two years :-)
the problem is Zope cannot be in remote user mode and in normal mode at
the same time. I think that setting up a zeo cluster (one zope instance
that is served through IIS, and is used to update content, and one which
has the normal behavior, and serves public content) could enable this,
but I haven't tried yet.

> Put Zope behind IIS in two spots. One which is protected and thus elicits a
> challenge/response and another that has IIS anoymous access on it. Then get
> the zope security machinery to alternate between the two urls depending on
> the security required.
please elaborate: you mean that when access to
http://iis.host.com/zope_anonymous.pcgi/protected_resource is forbidden,
zope automatically redirect the user to
http://iis.host.com/zope_protected.pcgi/protected_resource?

> Then all you need is remote user mode in Zope to work
> by allowing any remote user secure access. Perhaps remembering new
> REMOTE_USER's so further roles can be associated with them.
I don't understand :-(

regards,
jephte.clain@univ-reunion.fr