[Zope] Ahaaaa! Success Startup Authentication !!

Michel Pelletier michel@digicool.com
Mon, 14 Jun 1999 09:45:02 -0400


> -----Original Message-----
> From: Robert Canary [mailto:rwcanary@ohiocounty.net]
> Sent: Monday, June 14, 1999 4:22 AM
> To: Michel Pelletier
> Cc: zope@zope.org
> Subject: Re: [Zope] Ahaaaa! Success Startup Authentication !!
> 
> 
> Yes you are correct "The docs are correct".  The problem 
> was/is: If one
> changes the access file then they *must* stop the pcgi.  Thus 
> forcing it to
> restart from a called request and it will read the access file agian.
> 

Yep.  The access file is read at startup.  If Zope stat()ed the file on
every request (to see if it had changed) the performance would be
dismal.  This is not unlike almost every other server program out there.

-Michel

> Michel Pelletier wrote:
> 
> > > -----Original Message-----
> > > From: Robert W. Canary [mailto:rwcanary@ohiocounty.net]
> > > Sent: Friday, June 11, 1999 11:38 PM
> > > To: zope@zope.org
> > > Subject: [Zope] Ahaaaa! Success Startup Authentication !!
> > >
> > >
> > > Okay,   I think I know what is causing the trouble.
> > >
> > > I found one thing that did not quit work the way the zope 
> docs said.
> > > You should be able to *not* include the domain name in 
> the access file
> > > (eq superuser:123)   I finally got to the point (agian) 
> where I kept
> > > getting the  failed authorization.  Except this time when 
> I clicked
> > > cancel I did not get the message that there was no
> > > Authorization header
> > > found.  Instead it said the username and password supplied were
> > > incorrect.   So I went back into the 
> /var/local/Zope/access file and
> > > changed it to rwcanary:xxxxx:*.ohiocounty.net and it WORKED!
> > >
> >
> > The Zope docs are correct, you are not required to use a domain name
> > spec, this is the way I and probably 90% of the people on 
> this list use
> > it.  Are you sure you had the right password typed in there 
> in the first
> > place?
> >
> > > I have one question?  After I log onto the "/Zope.cgi/manage"
> > > I can exit
> > > and then go backto /Zope/Zope.cgi/manage it goes directly 
> to it.  It
> > > does not ask me for a username and password anymore.  Why?
> > >
> >
> > Zope does ask your browser for authentication, but your 
> browser (most
> > browsers do this) caches the HTTP Basic authentication 
> information for
> > you.  If it didn't do this, you would need to autheticate 
> yourself on
> > every reqeust.  Remember, HTTP is *stateless*.  There is no 
> conecpt of
> > "logging in" because being logged in would imply state.  
> You may have
> > been tricked in the past into believing there was state 
> involved by such
> > trickery as Basic auth header caching and cookies.
> >
> > -Michel
> >
> > > --
> > > robert canary
> > > system services
> > > OhioCounty.Net
> > > rwcanary@ohiocounty.net
> > > (270)298-9331 Office
> > > (270)298-7449 Fax
> > >
> > >
> > >
> > >
> > > _______________________________________________
> > > Zope maillist  -  Zope@zope.org
> > > http://www.zope.org/mailman/listinfo/zope
> > >
> > > (For developer-specific issues, use the companion list,
> > > zope-dev@zope.org - 
http://www.zope.org/mailman/listinfo/zope-dev )
> >
>
> _______________________________________________
> Zope maillist  -  Zope@zope.org
> http://www.zope.org/mailman/listinfo/zope
>
> (For developer-specific issues, use the companion list,
> zope-dev@zope.org - http://www.zope.org/mailman/listinfo/zope-dev )

--
robert canary
system services
OhioCounty.Net
rwcanary@ohiocounty.net
(270)298-9331 Office
(270)298-7449 Fax



_______________________________________________
Zope maillist  -  Zope@zope.org
http://www.zope.org/mailman/listinfo/zope

(For developer-specific issues, use the companion list,
zope-dev@zope.org - http://www.zope.org/mailman/listinfo/zope-dev )