[Zope-dev] Specify a domain and leave the password for a user blank
Phil Harris
phil at harris-family.info
Tue Mar 9 07:59:46 EST 2004
It's not a bug, in fact it's a cool way to allow different types of
anonymous users. That's not to say that it's a fool-proof way of doing
it, but it generally works, as long as you don't rely on it for any sort
of security ;) .

The thing is that in later zope versions the functionality has been
turned off by default, and (at least for 2.6.2) you have to turn it on
manually, like so:

http://your.server/acl_users/setDomainAuthenticationMode?domain_auth_mode=1

The docstring for this method (from a zope 2.7.0 install) is as follows:

"""Set the domain-based authentication mode. By default, this
mode is off due to the high overhead of the operation that
is incurred for all anonymous accesses. If you have the
'Manage Users' permission, you can call this method via
the web, passing a boolean value for domain_auth_mode to
turn this behavior on or off."""

btw, the method is in <zope>/lib/python/AccessControl/User.py

hth

Phil

Andreas Jung wrote:
> I think you are describing a flaw that had been removed in older versions.
> Does not sound like a feature but like a bug...
>
> -aj
>
> --On Tuesday, 9 March 2004 13:31 +0100 Juan Javier Carrera Obrero
> <jcarrera at uco.es> wrote:
>
>> Hi,
>>
>> In Zope 2.4 or older versions when a user is created, if you specify a
>> domain and leave the password for a user blank, then anyone from the
>> permitted domains automatically gets the user's roles without having to
>> log in.
>>
>> However, it is not possible in Zope 2.7. I have created a user specifying
>> a domain and left the password for this user blank, and although I am in
>> the domain, I have to log in.
>>
>> Can anybody help me with it? How can I create a user, specifying a domain,
>> and if the user is in the domain does not have to log in?
>>
>> Thanks.-
>>
>>
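
A simplified model of the behaviour discussed in this thread, added here as an illustration; it is not part of the original messages and is not Zope's AccessControl code. The class, method and host names are hypothetical and the user data is constructed. It shows roles being granted from the client's domain alone once the mode is on, and every anonymous request walking the user list, which is the overhead the docstring mentions.

```python
import fnmatch
from dataclasses import dataclass

@dataclass
class User:
    name: str
    password: str          # blank for a domain-only user
    roles: tuple
    domains: tuple = ()    # constructed specs such as "*.corp.example"

class UserFolder:
    """Hypothetical stand-in for a user folder; models only anonymous requests."""
    def __init__(self, users):
        self.users = list(users)
        self.domain_auth_mode = False   # off by default, as in later Zope versions
        self.users_scanned = 0          # work done on behalf of anonymous requests

    def set_domain_auth_mode(self, mode):
        self.domain_auth_mode = bool(mode)

    @staticmethod
    def _in_domain(user, host, addr):
        return any(fnmatch.fnmatch(host, spec) or fnmatch.fnmatch(addr, spec)
                   for spec in user.domains)

    def roles_for_anonymous(self, host, addr):
        if not self.domain_auth_mode:
            return ("Anonymous",)
        # Mode on: each request without credentials is compared against every user.
        for user in self.users:
            self.users_scanned += 1
            # No secret is checked here; the client's host/address is the only evidence.
            if user.domains and user.password == "" and self._in_domain(user, host, addr):
                return user.roles
        return ("Anonymous",)

def demo():
    # Constructed sample data: 200 ordinary users plus one domain-only user.
    users = [User(f"member{i}", "secret", ("Member",)) for i in range(200)]
    users.append(User("intranet", "", ("Reader",), ("*.corp.example", "192.0.2.*")))
    folder = UserFolder(users)
    out = {"mode_off": folder.roles_for_anonymous("pc1.corp.example", "192.0.2.10"),
           "scanned_off": folder.users_scanned}
    folder.set_domain_auth_mode(1)
    out["inside"] = folder.roles_for_anonymous("pc1.corp.example", "192.0.2.10")
    out["outside"] = folder.roles_for_anonymous("host.example.net", "198.51.100.7")
    out["scanned_on"] = folder.users_scanned
    return out

if __name__ == "__main__":
    print(demo())
```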