[Zope-CMF] how does Members folder force login?

[marc lindahl]

> If you try to view something for which you don't have the permission,
> Zope throws an Unauthorized exception, which generates a basic
> authentication box.

Sometimes... other times it gives you the (hard-coded) Unauthorized error
page.

> The CMF has a CookieCrumbler in it, which
> intercepts the exception, and redirects to a login form instead.  So
> check out the cookie crumbler.

Sure, I see where it does that in standard_html_header, but then I don't see
anything special about the Security settings for the Members folder...