[Zope] etcUSERfolder

mindlace mindlace@imeme.net
Tue, 04 Apr 2000 11:38:41 -0600


Hugo Ramos wrote:
> 
> ----- Original Message -----
> From: "mindlace" <mindlace@imeme.net>
> To: "Hugo Ramos" <hramos@ruido-visual.pt>
> Sent: Tuesday, April 04, 2000 3:15 PM
> Subject: Re: [Zope] etcUSERfolder
> 
> > You need to have a file inside your zope root called etcUsers that has a
> > user file (it can be different for each etcUsers instance).  This file
> > has to have a colon delimited file that has username and password.  You
> > can hack zpassword.py to create this file if you need to.
> 
> Let's suppose i want to authorize users from a shadow file in a Linux box
> using etcUsersFolder !

Zope won't talk to anything outside of it's folder.  You can link from
shadow to zope/etcUsers/link and then add whatever user you're using to
run zope to the shadow group, but this is a *security*risk* that could
allow someone who exploits zope to gain control of your machine.  How
they would do that, I dunno, but at the very least use zope 2.1.6.

> Everything normal. but i don't want to use the etcUsersFolder (basic/cookie) authentication.

Well, it sounds like you're trying to push it a bit hard.  If you're set
on writing your own authentication method, you should try the Generic
User Folder.

> I want to write my own authentication method with out
> Acquire permission settings from top of Zope root. I'm having lots of
> problems doing this...

If you just don't want "aquire permission settings", all etcUsers have
the role "etcUser" so you should be able to affect which folders have
what etcUser role.

boa sorte,
-- 
ethan mindlace fremen        mindlace@imeme.net
zope    -&-     imap email   -&-   mailing list
weave your web with the web at http://imeme.net