[Zope-PAS] Installing Plone PAS in Plone site overwrite base
acl_users and sites acl_users
Sidnei da Silva
sidnei at enfoldsystems.com
Fri Nov 11 10:42:27 EST 2005
On Fri, Nov 11, 2005 at 10:39:13PM +0800, Tom Hallam wrote:
| Just tried PlonePAS on a test site (clean install 2.1.1 on current Zope
| 2.8.x) and was getting an assertion error when using quick installer.
| I'd done my normal setup of using a different user name and password for
| the zope admin account and the plone admin account. Just to try
| something else ... I decided to log into the plone site using the
| acquired admin account from the Zope install -> No error but it
| overwrote both the Zope and Plone acl_users.
|
| Is this normal for PlonePAS?
| Why?
| Does it mean that all plone sites on a zope instance must use PlonePAS?
Your problem is not related to Plone or PlonePAS.
Basically if you are using PAS and you want to authenticate with a
user that is not defined in PAS user folder in the context you are
trying to log in but in a upper level user folder, then you might not
be able to login if that user folder is not a PAS one in some setups.
Why? Because what happens is:
1. Page requires authentication
2. The PAS closer to your location issues a challenge
3. PAS extracts the credentials and tries to authenticate, but fails
because the user is defined in a upper level user folder.
4. Now, if the upper level user folder is a standard user folder, not
PAS, it can't extract the credentials from the request because
'its too late' in the request to do that. However if it is a PAS
then it can because of the way PAS was designed.
There is a thread from a couple months ago where I explained this in
better detail.
--
Sidnei da Silva
Enfold Systems, LLC.
http://enfoldsystems.com
More information about the Zope-PAS
mailing list