[Zope] Question about users...

Michel Pelletier michel@digicool.com
Fri, 30 Jul 1999 20:01:44 -0400


djb@redhat.com wrote:
> 
> Okay, I'm a Zope newbie.  I installed it on my laptop to muck with it,
> and so far I'm impressed.  But I'm having some trouble...I tried to
> create a new user and add that user to the "Manager" role.  I then
> changed the permissions in the Security tab to let Manager have some
> privs to do things.  The only problem is, no matter what I try, I can't
> log in as that user.
> 

Did you add that user to the very top root folder 'acl_users' User
folder?  If you added the user to a folder *below* the root folder, then
you can only log in at the same level as the user folder the user is
defined in.  This is a very important security feature.

> I would have thought I could just pull up a browser on another machine
> somewhere, point it at my laptop, and log in.  I can do this as
> the superuser, but not as the new user I created.  Not at all.  I don't
> see much in the docs about logging in as another user, either.  Nor do
> I even see how to log *out* once you log in as the superuser (help?).
> 

There is no concept of 'log out' with HTTP basic authentication.  You
log out when the server raises a 403 Unauthorized error.  Or you can
close the browser.  You see, Zope challenges you on EVERY request you
make, but web browsers are very nice (sometimes too nice) about caching
the userid and password you used and using it all over the place to try
and unlock any HTTP doors.  Note this is very different from a
cookie-based authentication which some types of Zope products do.

-Michel
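
The user-folder scoping described in the reply above, as an added example that is not part of the original message and is not Zope source code. It is a simplified model that assumes credentials are checked against each 'acl_users' found while walking from the requested folder up to the root; the Folder class, validate() function, folder names, users and passwords are all hypothetical.

```python
# Simplified model (assumption) of user-folder scoping; NOT Zope's own code.
# Folder names, users and passwords are constructed sample data.
import hmac


class Folder:
    def __init__(self, name, parent=None, users=None):
        self.name = name
        self.parent = parent
        # {username: (password, roles)}; None means no acl_users here.
        # Plaintext passwords only keep the model short.
        self.acl_users = users

    def path(self):
        if self.parent is None:
            return "/"
        return self.parent.path().rstrip("/") + "/" + self.name


def validate(target, username, password, required_role):
    """Return the path of the first user folder, searching from the
    requested folder up to the root, that accepts the credentials and
    grants required_role. None means the request gets a challenge."""
    folder = target
    while folder is not None:
        entry = (folder.acl_users or {}).get(username)
        if entry is not None:
            stored_pw, roles = entry
            pw_ok = hmac.compare_digest(stored_pw.encode(), password.encode())
            if pw_ok and required_role in roles:
                return folder.path()
        folder = folder.parent
    return None


# Constructed site: the root acl_users knows only "admin";
# "djb" was added to the acl_users inside /projects.
root = Folder("", users={"admin": ("root-pw", {"Manager"})})
projects = Folder("projects", parent=root,
                  users={"djb": ("laptop-pw", {"Manager"})})
docs = Folder("docs", parent=projects)   # no acl_users of its own
public = Folder("public", parent=root)   # sibling of /projects

if __name__ == "__main__":
    for folder in (root, public, projects, docs):
        who = validate(folder, "djb", "laptop-pw", "Manager")
        print(f"djb at {folder.path():<15} -> validated by {who}")
```

In this model a user defined below the root is never consulted for requests to the root or to sibling folders, which is the symptom described in the question.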