[Zope] Authentication depending on client domain ?
Dieter Maurer
dieter@handshake.de
Fri, 28 Dec 2001 17:29:05 +0100
Gilles Lenfant writes:
> This is perhaps not a strict Zope problem, but I need to have some parts of
> an extranet wiewable WITHOUT authentication from the LAN but WITH
> authentication from Internet.
> Has someone an idea for this ?
Zope could do that in earlier versions automatically:
If a user had an empty password and a domain restriction,
requests from this domain were authenticated automatically
as this user.
It was considered a security hole (request IP addresses can quite
easily be forged) and disabled by default.
There is a method that enables the previous behaviour.
Search the mailing list archives or look at the sources
("AccessControl.User") to find its name.
Dieter