[Zope] Question about users...

Michel Pelletier michel@digicool.com
Fri, 30 Jul 1999 22:14:02 -0400


djb@redhat.com wrote:
> 
> >
> > Did you add that user to the very top root folder 'acl_users' User
> > folder?  If you added the user to a folder *below* the root folder, then
> > you can only log in at the same level as the user folder the user is
> > defined in.  This is a very important security feature.
> 
> Yes, I added the user at the very top level.  They have "manager" as a role.
> I've tried leaving Domains empty, adding "*", and adding "*.redhat.com", all
> without success.
> 

Hmm.  Somethings not configured right, your the only one out of a
thousand or so who have this particular problem.  Are you using Apache
with a rewrite rule?  That might be the problem.  I can assume your
running this on RedHat?  Well that's the platform we develop against.

> I also tried creating a folder and then adding a user there.  No dice.
> I presume that I *should* be able to create a folder called "junk",
> then create a user in that folder with proper privs, then log in to
> that folder with something like:
> 
> http://localhost:9673/junk/manage
> 
> Right?  It seems to want to do this, but all authentication attempts as
> anyone other than superuser fail.
> 

Send the complete HTML source of the error message.

> 
> Ahh, I see.  Any chance cookie authentication is going to be added to the
> base Zope as an option?

If someone writes it, or pays us to write it.  It's really quite
trivial.  The yet to be released Zope Portal Toolkit uses cookies
because they handle session concepts better.

> Are those "add on products" free as well?  If
> so, where would one find them?

UserDB, which stores users in relational databases, works with HTTP
Basic and cookie.  It's free and available on the website.  There are a
few other cookie oriented products like cookie cutter.

-Michel