[Zope] Newbie: .authenticate() won't work

[Toh Wanda]

Hi!

I'm exploring Zope for only 2 weeks, so I'm quite a Newbie. I worked myself 
through "The Zope Book" (till they started with Python, I'm keeping that for 
later) and right now I'm reading the german "Zope" book by beehive. And I 
get stuck.

What I want to do:
I want users to be able to change their passwords, but only their own one. 
So they have to enter their username and password to get to a page with a 
form where they can enter the new password, if the given password for the 
username was correct.

How:
I try to check this (as described in the book) with:
<dtml-if 
expr="acl_users.getUser(REQUEST.form['Name']).authenticate(REQUEST.form['Passwort'],REQUEST)">

Problem:
When I'm submit my form (with 'Name' and 'Passwort') I mysteriously get the 
Zope login popup (although I'm logged in as manager). And even if I enter my 
Password I get the PopUp again and again. After the third time I get 
eventually an error saying:

Unauthorized: authenticate

in the last line.
If I view without the "manage" I don't get a Popup but:

Error Type: TypeError
Error Value: unhashable type

rightaway.

Excluded problem sources:

The variables are there. Spelling is correct. I can do all the other things 
(getUser, getRoles, etc.) without problems, only the "authenticate" is 
incooperative.
I checked all security and permission tabs, but didn't find anything 
unnormal.
It doesn't matter whether I try to check the Username I am logged in as, or 
a different one.

So, did anyone have similar problems. Has "authenticate()" a special 
position, needs more permissions than the others?
I just don't see why e.g. "getUser()" should be more restricte than 
"authenticate()".

Or am I standing on the Schlauch here ;-) / not getting the point?

TIA, have a nice day/morning/night, Toh!

_________________________________________________________________
Downloaden Sie MSN Explorer kostenlos unter http://explorer.msn.de/intl.asp