[Zope] Has anyone tried authentication accross multiple serve rs?

Jay, Dylan djay@lucent.com
Tue, 13 Apr 1999 09:28:52 +1000 

> -----Original Message-----
> From: Brian Lloyd [mailto:Brian@digicool.com]
> Sent: Monday, 12 April 1999 23:36
> To: 'Jay, Dylan'; Brian Lloyd
> Cc: 'zope@zope.org'
> Subject: RE: [Zope] Has anyone tried authentication accross multiple
> serve rs?
> 
> 
> > > > I've tried using cookie authentication with UserDB but so far 
> > > > can not get it
> > > > to work. Everytime I try to login in it presents me with the 
> > > > normal basic
> > > > authentication header. I believe this maybe something to do 
> > > > with permissions
> > > > but so far can't figure it out. I am using IIS4 and have 
> > > > turned of basic
> > > > authentication. 
> > > 
> > > The first thing to do here is to make sure that it is really 
> > > Zope causing the authentication challenge, or if it is IIS4.
> > > You need to have _all_ authentication off in IIS and permissions 
> > > set to allow "everybody" to run the zope cgi.
> > > 
> > > Can you log into Zope using the superuser name and password?
> > 
> > I can log in using the superuser password but any other user 
> > gets rejected.
> > Restarting the browser makes no difference.
> 
> If you turn off cookie authentication, do things work as expected?
> If so, be aware that using cookies for authentication is somewhat
> flaky - if you are ever authenticated through basic auth, that will
> take precedence over cookies from that point on in your browser 
> session. The unfortunate fact is that the two methods just dont work
> terribly well together - you really want to make sure that users
> who use cookie authentication will _only_ use cookie authentication,
> not try to switch back and forth.

With no cookie authentication it works perfectly.

> One method I found useful when dealing w/cookie authentication was
> to use two different browsers - for example I would use IE strictly 
> for using management screens and NS for looking at end-user (cookie-
> authenticated) urls...

This is exactly the configuration I have. I have the management screens
running on IE and I run a new netscape each time to test it. However turning
on cookie authentication brings up a basic authentication dialog on when I
test it on NS.

> Hope this helps!
> 
> 
> Brian Lloyd        brian@digicool.com
> Software Engineer  540.371.6909              
> Digital Creations  http://www.digicool.com 
>