On Wed, Feb 01, 2006 at 05:09:58PM -0800, Dennis Allison wrote:
> Just moved all our systems to ZSyncer 0.7.0 and have encountered a 
> problem related to authentication.
> In our past setup, using ZSyncer 0.5.1, we use the ability to specify 
> a user:password to provide a single authorization mechanism that could be
> used by all of our developers.
> Now we've stumbled onto the fact that ZSyncer 0.7.0 has eliminated the
> optin al user:password specification.  Some of our users can use ZSyncer
> and others cannot.  It's not clear what authorization is being used -- I
> suspect it is ownership, but I have not investigated.

By default, it's the currently logged in user.

This requires that the same user/password exist on the destination Zope
as well.

If you don't want to do that, you can specify it in the destination
URLs.  This is described in a couple places in README.txt.

Advantage of this compared to the old way: You can use different
user/passwd on each of several destination servers.  (This was a use
case for the guy that made the change).

Disadvantage:  The password is in cleartext in the ZSyncer configuration
page in the ZMI.  If that's a problem, be careful who is allowed access
to that page :-)

I'm not crazy about the latter, but it gives the needed flexibility
and I haven't had time to create a UI that doesn't show it
in cleartext. If somebody comes up with patches I'll happily
apply them.


Paul Winkler
Zope-Dev maillist  -  Zope-Dev@zope.org
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://mail.zope.org/mailman/listinfo/zope )

Reply via email to