It's not a bug, in fact it's a cool way to allow different types of anonymous users. That's not to say that it's a fool-proof way of doing it, but it generally works, as long as you don't rely on it for any sort of security ;) .

The thing is that in later zope versions the functionality has been turned off by default, and (at least for 2.6.2) you have to turn it on manually, like so:


The docstring for this method (from a zope 2.7.0 install) is as follows:

"""Set the domain-based authentication mode. By default, this mode is off due to the high overhead of the operation that is incurred for all anonymous accesses. If you have the 'Manage Users' permission, you can call this method via the web, passing a boolean value for domain_auth_mode to turn this behavior on or off."""

btw, the method is in <zope>/lib/python/AccessControl/



Andreas Jung wrote:
I think you are describing a flaw that had been removed in older versions.
Does not sound like a feature but like a bug...


--On Dienstag, 9. März 2004 13:31 Uhr +0100 Juan Javier Carrera Obrero <[EMAIL PROTECTED]> wrote:


In Zope 2.4 or older versions when a user is created, if you specify a
domain and leave the password for a user blank, then anyone from the
permitted domains automatically gets the user's roles without having to
log in.

However, it is not possible in Zope 2.7. I have created a user specifying
a domain and leave the password for this user blank, and although I am in
the domain, I have to log in.

Anybody help me about it ? How can I create a user, specifying a domain,
and if the user is in the domain does not have to log in?


Zope-Dev maillist - [EMAIL PROTECTED]
** No cross posts or HTML encoding! **
(Related lists - )

Reply via email to