[Zope-CMF] Login oddities

Dieter Maurer dieter@handshake.de
Thu, 20 Feb 2003 21:44:55 +0100


Greg Ward wrote at 2003-2-20 10:46 -0500:
 > On 20 February 2003, To zope-cmf@zope.org said:
 > > ...so I'm still trying to create a "members-only" CMF site, and not
 > > having much luck.  Here's the latest problem: if I create a user with
 > > role "Manager" or "Member", I can login with that user ID -- but if that
 > > user is an "Owner" or "Reviewer", no dice.
 > 
 > Update: this problem doesn't appear to have anything to do with the
 > "members-only" site: I created yet another brand-new CMF site, and
 > didn't touch any privileges or the login form this time.  Added a user
 > for each role: man (Manager), member (Member), owner (Owner) and rev
 > (Reviewer), as well as 'luser' with no roles.
 > 
 > 'man' and 'member' can login just fine.  'owner', 'rev', and 'luser'
 > cannot login at all.  Nothing is logged, and there's no information on
 > the regenerated login form.
 > 
 > So what's going on here?  Does user authentication even work in CMF 1.3?

I do not know, but I can tell you how to find out:

  *  Install Shane's "VerboseSecurity" product (and follow its installation
     rules).

  *  Disable cookie logins (by clearing the "login form" field in
     CookieCrumbler). This forces basic HTTP authentication.

  *  Refuse to relogin when your browser pops up the login dialog.

     "VerboseSecurity" should tell you on the resulting page
     precisely what you tried and why it has not been successful.


Dieter