[Zope] Zope authentication problem

Ken Weiss ken.weiss@ucop.edu
Wed, 08 Mar 2000 10:48:54 -0800


I apologize in advance for this note. I know this topic has come up 
several times in the archives, and I swear I've read every post, 
every how-to, and every other bit of documentation I can find. I 
can't get past the management screen authentication for Zope with 
Apache.

Here's my environment:

OS:		RedHat Linux 6.1

Zope: 		version 2.1.4, installed from Jeff Rush's RPMs (thanks, Jeff)

Zope PCGI:	version 2.1.4, also from Jeff Rush's RPMs (thanks again, Jeff)

Apache:		version 1.3.9, installed from the Red Hat RPMs (both base
		and devel RPMs are installed)

Python:		version 1.5.2, from the Red Hat RPMs


I'm configured as follows:

Zope install directory:		/var/zope

Zope.cgi:			copied to /home/httpd/cgi-bin/Zope
				(not a symlink, and renamed 'Zope')

access file:			/var/zope/access, contains:
				admin:cleartextpassword

httpd.conf contains:

RewriteEngine on
RewriteCond %{HTTP:Authorization}  ^(.*)
RewriteRule ^/static/(.*)   /home/httpd/html/$1 [l]
RewriteRule ^/Zope(.*) /home/httpd/cgi-bin/Zope$1 
[e=HTTP_CGI_AUTHORIZATION:%1,t=application/x-httpd-cgi,l]

(that last line is all one long line, and I'm pretty sure I've sorted 
out the ls and the 1s properly)



Zope is launched with the following command:

cd $INSTANCE_HOME  (/var/zope)
/usr/bin/env python z2.py               \
         -z      /usr/share/zope         \
         -u      zope                    \
         -Z      /var/run/zwatchdog.pid  \
         -p      /home/httpd/cgi-bin/Zope \
         -w      ''                      \
         -f      8021                    \
         -m      ''                      \
         -l      /var/log/zope           \
         2>&1 >> /var/log/zope           \
         &

I can access all my other (non-Zope) CGI programs normally. I can 
access my static html with URLs of the form:

	http://server.ucop.edu/static/some_silly_url.html

So, I'm pretty sure that both CGI and the rewrite modules are 
installed, configured, and working properly. I can run Zope and see 
the QuickStart materials, so I'm pretty sure that the basic Zope 
installation is correct. But I can't get authenticated to Zope. 
There's nothing in the logs for httpd or Zope that looks interesting 
to me:

httpd - access_log:

207.212.67.31 - - [08/Mar/2000:10:14:18 -0800] "GET 
/cgi-bin/Zope/manage HTTP/1.0" 401 1388

Zope log (syslog messages file):

Mar  8 10:14:18 akpi ZServer[24689]: 127.0.0.1- - 
[08/Mar/2000:18:14:18 -0700] "GET /manage" 401 1782

/var/log/zope is empty.


I've tried about a zillion other things, including installing the 
Zope binaries instead of the RPMs, and installing and building the 
Zope source. In every case I end up with the same result. Zope 
doesn't accept the authentication. One oddity I noticed is that if I 
access Zope through:

	http://server.ucop.edu/Zope

it immediately requests authentication. It doesn't even show me the 
opening screen or allow me to browse the QuickStart. If I dodge 
around the RewriteRule by going directly to:

	http://server.ucop.edu/cgi-bin/Zope

then it doesn't ask for authentication until I try to hit the 
management screen.

I should probably add that I tried using the built-in Zserver Python 
package and it worked fine. I haven't tried Zap. I would prefer to 
use Apache because I want to serve a mixture of legacy HTML and Zope 
content. I would prefer to use my own Apache instead of Zap because 
in general I'm not comfortable with using a package that I can't 
maintain at the current release level. Zap Apache trails plain Apache 
releases, at least by a little bit. I've tried a whole raft of 
variations on the rewrite rules in Apache. I'm stuck.

Anybody out there been through this already?


--Ken


-------------------------------------------------------------------------
Ken Weiss                                              ken.weiss@ucop.edu
California Digital Library Technologies            (510) 710-3356 (voice)
UC Office of the President                           (510) 763-2471 (fax)
1111 Franklin Street #7313B          ken.weiss.pager@ucop.edu (text page)
Oakland, CA  94607-5200              http://dcas.ucdavis.edu/kenhome.html

PGP public key stored at:
           ldap://certserver.pgp.com
           http://pgpkeys.mit.edu:11371/pks/lookup?op=get&search=ken+weiss