[Zope] Password Overlap
Dan Shafer
dan@danshafer.com
Mon, 25 Nov 2002 11:10:38 -0800
I have painted myself into a nifty corner.
My client's site is protected at the root by an acl folder. Those who
are not in the acl folder have view privileges only. This works fine.
I just added a new feature to my client's site. He wants this
capability available to anyone to whom he gives a specific password. I
wrote a Python script that generates the password and a page for my
client to auto-generate a new random password and to see what the
current password is. This works fine as well.
The problem is, since I'm not even asking people for a user name here,
only a password, and since the site is protected from access via the
acl folder, his clients can't get past the password screen because the
acl logic presents a challenge for a user name and password which, of
course, these folks don't have.
It occurred to me at one point that I could define an acl user called,
e.g., "client" and then perhaps revise the Python script so that
instead of storing the newly generated password in a DTML document, it
would update the password property for that user in the acl folder. But
it wasn't very obvious to me how to do that. And while I don't *mind*
having them have to type in a generic user name, it's more elegant if
they don't have to do so.
What's the easiest way to address this issue? I looked through a year's
worth of email digests and I searched zope.org, but I couldn't find an
answer.
Thanks.