[Zope] Zope and Apache (Authentication)

Michel Pelletier michel@digicool.com
Thu, 02 Sep 1999 13:37:08 -0400


Cobalt maillinglist wrote:
> 
> Hi!
> 
> I'm using zope 2.0 with apache 1.3.6.
> I can't get the authentication to work. I can access the normal
> directories, but not manage.
> 
> I have configured the Rewrite rules in my apache .conf-files. Apache sets
> the following env-variable: (from rewrite log)
> 
> 195.10.177.75 - - [02/Sep/1999:19:26:47 +0300]
> [www2.micasolutions.fi/sid#80c6f7c][rid#80d562c/initial] (5) setting env
> variable 'HTTP_CGI_AUTHORIZATION' to 'Basic bWljYTpib3l6Mm1lbg=='
> 
> I'm using the following rewrite-rules:
> 
> <Directory /home/httpd/html>
> RewriteEngine On
> RewriteCond %{HTTP:Authorization} ^(.*)
> RewriteRule ^Zope/(.*) /cgi-bin/Zope.cgi/$1
> [E=HTTP_CGI_AUTHORIZATION:%1,T=application/x-httpd-cgi,L]
> 
> ...
> </Directory>
> 
> ExecCGI is on and Zope.cgi is executable.
> 

I would suggest using RewriteLog, level 9, to track down the bug.

> How does Zope access the password/user information from the HTTP_CGI_AUTH
> variable, because it's crypted and it doesn't match the password in zope's
> access?
> 

It's not crypted, it's base64'ed plain text.  Zope's access file is
crypted however, but it can handle that.

-Michel

> contents of access file:
> 
> username:{SHA}Ngqe33rRJ5132clVpXf6T+CyMX8=
> 
> Kristoffer Michael
> 
> _______________________________________________
> Zope maillist  -  Zope@zope.org
> http://www.zope.org/mailman/listinfo/zope
> 
> (To receive general Zope announcements, see:
> http://www.zope.org/mailman/listinfo/zope-announce
> 
> For developer-specific issues, zope-dev@zope.org -
> http://www.zope.org/mailman/listinfo/zope-dev )