[Zope] Going from Zope 2.1.6 to 2.3.0: security issue
Burwell, Becky <burwell@parc.xerox.com>
burwell@parc.xerox.com
Tue, 6 Feb 2001 15:06:06 PST
This didn't work.
What is the better model to use if domain authentication support will be deprecated soon?
> -----Original Message-----
> From: Randall F. Kern [mailto:randy@spoke.net]
> Sent: Tuesday, February 06, 2001 11:20 AM
> To: burwell@parc.xerox.com; zope@zope.org
> Subject: RE: [Zope] Going from Zope 2.1.6 to 2.3.0: security issue
>
>
> try going to
> http://yourserver/acl_users/setDomainAuthenticationMode?domain
> _auth_mode
> =1
>
> # Domain authentication support. This is a good candidate to
> # become deprecated in future Zope versions.
>
> -Randy
> > -----Original Message-----
> > From: Burwell, Becky <burwell@parc.xerox.com>
> > [mailto:burwell@parc.xerox.com]
> > Sent: Tuesday, February 06, 2001 10:35 AM
> > To: 'zope@zope.org'
> > Subject: [Zope] Going from Zope 2.1.6 to 2.3.0: security issue
> >
> >
> > We are in the process of moving from Zope 2.1.6 to Zope 2.3.0
> >
> > We had some web pages that we wanted to restrict to people just at
> > our research lab.
> >
> > We did this by creating a role called "localUsers". And
> then we added
> > a user with a domain of *.parc.xerox.com that had the role of
> > localUsers. This allowed anyone whose web browser was on a
> machine in
> > *.parc.xerox.com to access the pages. This worked great in 2.1.6.
> >
> > When we brought up Zope 2.3.0 we find that we get prompted
> for an id
> > and password when accessing web page that have our role localUsers
> > applied to them. We can tell the user what to type, but it is
> > annoying.
> >
> > What's the best way to restrict a set of pages to a
> particular domain
> > without having to require the user to login?
> >
> > Thanks.
> >
> >
> > _______________________________________________
> > Zope maillist - Zope@zope.org
> > http://lists.zope.org/mailman/listinfo/zope
> > ** No cross posts or HTML encoding! **
> > (Related lists -
> > http://lists.zope.org/mailman/listinfo/zope-announce
> > http://lists.zope.org/mailman/listinfo/zope-dev )
> >
>