[Zope] Security acqusition voodoo

[Charlie Reiman]

I'm using Zope 2.5.1 and python 2.1.1 under solaris

I have a setup like this:
/root
 acl_users          # standard root UserFolder. Has a 'guest' account
 /protected
   hello            # simple dtml document
   acl_users        # UserFolder. Has 'user1' account
   /sub
     test           # simple dtml document


For protected, hello, sub, and test I have modified permissions on 'view' by
disabling 'acquire' and enabling 'authenticated'. Anonymous, manager, and
owner are cleared. Neither guest nor user1 owns any objects on the server.

When I visit hello, I am prompted for a password. 'user1' works fine.
'guest' also works, which doesn't make sense to me since I disabled
acquisition. The test document exhibits the same behavior.

Is it possible to make hello (or test) NOT recognize authentication from the
root acl_users folder? I understand it might not be a great idea (as it
would cripple administration) but it sure is odd.

Charlie Reiman