[Grok-dev] Grokwiki Security in Eggified Grok

Uli Fouquet uli at gnufix.de
Sat Aug 18 01:42:09 EDT 2007


Hi Steve,

On Friday, 17.08.2007, at 22:00 -0700, Steve Schmechel wrote:
> It used to be that editing securitypolicy.zcml and principals.zcml in
> parts/instance/etc and adding "grok.define_permission" and
> "grok.require" statements to the code, allowed one to require
> authentication with proper permissions in order to edit pages.
> 
> Using current trunk code, it appears that the security directives go
> into the buildout.cfg and are then copied into
> parts/grokwiki/site.zcml.  However, these settings seem to have little
> effect.  (Even changing just the manager password that is built by
> default.)
> 
> Instead of the app causing the browser to display a login/password
> dialog when trying to edit, the browser is redirected to the admin
> page, where a form-based login and password only responds to the
> original grok/grok authentication.
> 
> Am I missing something simple?  Has something changed due to the new
> (much nicer) admin page?

Yes, something changed. The admin-UI installs a different Pluggable
User-Authentication (PAU) on setup. Unfortunately no 'native' editing of
the users and their passwords is currently possible.

You can use the Zope3 ZMI to set values in the PAU like this:

- After login (with your old credentials) go to 
        http://localhost:8080/@@contents.html
- Click 'Manage Site'
  You should see an 'authentication' item.
- Click 'authentication'
  Here you can change the Credential Plugins if you like. For example 
  you can disable 'Session Credentials' and 'No challenge if...', which 
  should give you back the old basic-auth behaviour (Zope will fall 
  back to this using the site.zcml if I remember correctly).
- Click 'Plugins' in the tabs on top of the page.
  You should see a 'Users' object.
- Click 'Users' and you should see the 'Manager' principal.
- If you click it, you can edit the password etc.

>   What is the proper way to apply security to
> specific operations?  

It should stay the same as it was. I have to investigate this further
and will tell you what I find out.

Your observation is very important! Thanks for the report!

Kind regards,

-- 
Uli



