[Zope] Apache + Zope + Authentication

Erick Mechler emechler@rescomp.berkeley.edu
Sun, 14 Nov 1999 19:43:55 -0800 

Disclaimer:  I have read 3 months worth of mailing list archives to no
avail.  Any help on the following problem will be much appreciated.

I am trying to configure mod_rewrite to pass authentication information to
Zope.  Here is the current state of things:


Relevant section from httpd.conf:
---------------------------------

<Directory "/">
	Options FollowSymLinks
	AllowOverride None
	Order deny,allow
	Deny from all
	# allows Apache to pass authentication headers to zope
	RewriteEngine on
	RewriteCond %{HTTP:Authorization} ^(.*)
	RewriteRule ^/(.*) $1 [ENV=HTTP_CGI_AUTHORIZATION:%1]
</Directory>

RewriteLog /var/log/apache/rewrite_log
RewriteLogLevel 9

Zope.cgi
--------

#!/export/opt1/zope-2.0.1/pcgi/pcgi-wrapper
PCGI_NAME=Zope
PCGI_MODULE_PATH=/export/opt1/zope-2.0.1/lib/python/Zope
PCGI_PUBLISHER=/export/opt1/zope-2.0.1/pcgi/pcgi_publisher.py
PCGI_EXE=/opt/bin/python
PCGI_SOCKET_FILE=/export/opt1/zope-2.0.1/var/pcgi.soc
PCGI_PID_FILE=/export/opt1/zope-2.0.1/var/pcgi.pid
PCGI_ERROR_LOG=/export/opt1/zope-2.0.1/var/pcgi.log
PCGI_DISPLAY_ERRORS=1
BOBO_REALM=/export/opt1/zope-2.0.1/Zope.cgi
BOBO_DEBUG_MODE=1
INSTANCE_HOME=/export/opt1/zope-2.0.1

Some other information
----------------------

Zope-2.0.1 is installed into /export/opt1/zope-2.0.1/.  Web server
document root is in /export/www, with HTML and cgi's in
/export/www/{docs,cgi-bin}, respectively.

After starting ZServer with pcgi enabled, I can connect to
http://my.server.name:8080/manage and enter in the superuser name and
password.  This works perfectly which means that Zope is correctly
configured to handle authentication of the superuser.

If I shutdown ZServer and go to http://my.server.name/cgi-bin/Zope.cgi, I
get the "Welcome to Zope" screen.  However, if I try to enter
http://my.server.name/cgi-bin/Zope.cgi/manage with the same superuser name
and password, I'm denied access.  This leads me to believe that the
problem is with Apache passing off the authentication duties to Zope.

If you need more information, please let me know.  My head's sore from
banging it up against the wall in my office =)  Thanks in advance.

Regards,
Erick Mechler