[Zope] - Authenication problems when on webhost?

Jim Fulton jim@Digicool.com
Tue, 08 Dec 1998 20:44:44 +0000


Jimmie Houchin wrote:
> 
> I haven't installed Zope yet. I have been reading the documentation and
> posts here. There have been a couple of post by Michael Grinder which have
> not been answered and concern me. Maybe they have not been answered because
> there isn't a good solution. If that is the case I prefer to know.

If you've noticed the Zope traffic, I hope you can appeciate that it might
take a while to get to everyones questions.

> For those of us who have to use a webhosting service we are at the mercy of
> what  they (the webhost) will permit and what is required configuration
> wise by Zope.
> 
> Are there any options for configuring for Authorization that can be done by
> those of us who use a webhosting service?

Unfortunately, most web servers make it hard for web applications
to do authentication.  We worked out a way to trick Apache into doing it
that worked with some versions of Apache and not others.  It hasn't helped
that the key piece, mod_rewrite has changed quite a bit from rev to rev. :(
I think a number of people are working on trying to give helpful
advice.

Keep in mind, however, that Zope does provide support for letting
an HTTP server do authentication and letting Zope do authorization.
You have to get the web server administrator to set up the user ids
and passwords for you and to set a couple of script aliases.  Then Zope
uses the REMOTE_USER information passed from the web server.   This is
described in the Bobo documentation, which is being converted to
Zope documentation and was also described on Bobo list.

Jim

--
Jim Fulton           mailto:jim@digicool.com
Technical Director   (540) 371-6909              Python Powered!
Digital Creations    http://www.digicool.com     http://www.python.org

Under US Code Title 47, Sec.227(b)(1)(C), Sec.227(a)(2)(B) This email
address may not be added to any commercial mail list with out my
permission.  Violation of my privacy with advertising or SPAM will
result in a suit for a MINIMUM of $500 damages/incident, $1500 for
repeats.