[Zope] Going from Zope 2.1.6 to 2.3.0: security issue
Randall F. Kern
randy@spoke.net
Tue, 6 Feb 2001 11:19:39 -0800
try going to
http://yourserver/acl_users/setDomainAuthenticationMode?domain_auth_mode
=3D1
# Domain authentication support. This is a good candidate to
# become deprecated in future Zope versions.
-Randy
> -----Original Message-----
> From: Burwell, Becky <burwell@parc.xerox.com>
> [mailto:burwell@parc.xerox.com]
> Sent: Tuesday, February 06, 2001 10:35 AM
> To: 'zope@zope.org'
> Subject: [Zope] Going from Zope 2.1.6 to 2.3.0: security issue
>=20
>=20
> We are in the process of moving from Zope 2.1.6 to Zope 2.3.0
>=20
> We had some web pages that we wanted to restrict to people just at=20
> our research lab.=20
>=20
> We did this by creating a role called "localUsers". And then we added=20
> a user with a domain of *.parc.xerox.com that had the role of=20
> localUsers. This allowed anyone whose web browser was on a machine in=20
> *.parc.xerox.com to access the pages. This worked great in 2.1.6.
>=20
> When we brought up Zope 2.3.0 we find that we get prompted for an id=20
> and password when accessing web page that have our role localUsers=20
> applied to them. We can tell the user what to type, but it is=20
> annoying.
>=20
> What's the best way to restrict a set of pages to a particular domain=20
> without having to require the user to login?
>=20
> Thanks.
>=20
>=20
> _______________________________________________
> Zope maillist - Zope@zope.org
> http://lists.zope.org/mailman/listinfo/zope
> ** No cross posts or HTML encoding! **
> (Related lists -=20
> http://lists.zope.org/mailman/listinfo/zope-announce
> http://lists.zope.org/mailman/listinfo/zope-dev )
>=20