[Zope-PAS] Installing Plone PAS in Plone site overwrite base acl_users and sites acl_users

Sidnei da Silva sidnei at enfoldsystems.com
Fri Nov 11 10:42:27 EST 2005


On Fri, Nov 11, 2005 at 10:39:13PM +0800, Tom Hallam wrote:
| Just tried PlonePAS on a test site (clean install 2.1.1 on current Zope 
| 2.8.x) and was getting an assertion error when using quick installer. 
| I'd done my normal setup of using a different user name and password for 
| the zope admin account and the plone admin account.  Just to try 
| something else ... I decided to log into the plone site using the 
| acquired admin account from the Zope install -> No error but it 
| overwrote both the Zope and Plone acl_users.
| 
| Is this normal for PlonePAS?
| Why?
| Does it mean that all plone sites on a zope instance must use PlonePAS?

Your problem is not related to Plone or PlonePAS.

Basically if you are using PAS and you want to authenticate with a
user that is not defined in PAS user folder in the context you are
trying to log in but in a upper level user folder, then you might not
be able to login if that user folder is not a PAS one in some setups.

Why? Because what happens is:

 1. Page requires authentication
 2. The PAS closer to your location issues a challenge
 3. PAS extracts the credentials and tries to authenticate, but fails
    because the user is defined in a upper level user folder.
 4. Now, if the upper level user folder is a standard user folder, not
    PAS, it can't extract the credentials from the request because
    'its too late' in the request to do that. However if it is a PAS
    then it can because of the way PAS was designed.

There is a thread from a couple months ago where I explained this in
better detail.

-- 
Sidnei da Silva
Enfold Systems, LLC.
http://enfoldsystems.com


More information about the Zope-PAS mailing list