Hi folks. We're setting up Plone on an internet server, so we need logins to be done securely (via SSL). I'm following the guide put out by Penn State (https://weblion.psu.edu/trac/weblion/wiki/InstallPloneForProduction), which has a lot of good information. I'm pretty much there, but I seem to be stuck now.
I've configured the server to have Apache (2.2) redirect requests to Plone (with RewriteRules). I've installed the WebServerAuth product to redirect login traffic over https, and to have Plone accept Apache's authorizations. Unfortunately, though I can log into the Plone site as the admin user (once i created one on the web server), Plone doesn't seem to recognize it as a privileged user, and I don't get a Site Setup link. Having the web server handle authentication isn't actually the ideal setup for us... since we don't have any centralized authentication system to hook into, setting up users and changing passwords is very low-level and manual (using Apache's Basic, file-based auth). In Penn State's documentation, there's a blurb that reads: "If you don't want to Delegate Authentication to Apache, you should still use SSL to encrypt the transmission of passwords. To automatically redirect your users to the HTTPS version of your site when they need to authenticate, use Web Server Auth." Unfortunately, I couldn't find any further information anywhere about how to do this; that is, to have Plone handle the users but use WebServerAuth to direct login traffic to https. So if anyone has experience here, I could really use some assistance in solving one of the two problems: 1. (preferable) Set up Plone to handle its own authentication, but do it securely over https. 2. (otherwise) Get Plone to recognize a privileged user logged in via Apache. Thanks for any help. -David Murphy -- View this message in context: http://n2.nabble.com/Setting-up-secure-logins.-tp3232979p3232979.html Sent from the Installation, Setup, Upgrades mailing list archive at Nabble.com. _______________________________________________ Setup mailing list [email protected] http://lists.plone.org/mailman/listinfo/setup
