[Zope] Going from Zope 2.1.6 to 2.3.0: security issue

Randall F. Kern randy@spoke.net
Tue, 6 Feb 2001 11:19:39 -0800


try going to
http://yourserver/acl_users/setDomainAuthenticationMode?domain_auth_mode
=3D1

# Domain authentication support. This is a good candidate to
# become deprecated in future Zope versions.

-Randy
> -----Original Message-----
> From: Burwell, Becky <burwell@parc.xerox.com>
> [mailto:burwell@parc.xerox.com]
> Sent: Tuesday, February 06, 2001 10:35 AM
> To: 'zope@zope.org'
> Subject: [Zope] Going from Zope 2.1.6 to 2.3.0: security issue
>=20
>=20
> We are in the process of moving from Zope 2.1.6 to Zope 2.3.0
>=20
> We had some web pages that we wanted to restrict to people just at=20
> our research lab.=20
>=20
> We did this by creating a role called "localUsers". And then we added=20
> a user with a domain of *.parc.xerox.com that had the role of=20
> localUsers. This allowed anyone whose web browser was on a machine in=20
> *.parc.xerox.com to access the pages. This worked great in 2.1.6.
>=20
> When we brought up Zope 2.3.0 we find that we get prompted for an id=20
> and password when accessing web page that have our role localUsers=20
> applied to them. We can tell the user what to type, but it is=20
> annoying.
>=20
> What's the best way to restrict a set of pages to a particular domain=20
> without having to require the user to login?
>=20
> Thanks.
>=20
>=20
> _______________________________________________
> Zope maillist  -  Zope@zope.org
> http://lists.zope.org/mailman/listinfo/zope
> **   No cross posts or HTML encoding!  **
> (Related lists -=20
>  http://lists.zope.org/mailman/listinfo/zope-announce
>  http://lists.zope.org/mailman/listinfo/zope-dev )
>=20