Say I have a user in a root acl_users folder (call it 'admin'). I also
have a PAS user folder in a sub-object of the root. This PAS is
configured to do cookie auth, and users will typically login using a form.
Now, if I try to log in as 'admin' in that form, it doesn't work. I
think this is why:
- credentials are supplied via a form to the PAS cookie auth plugin
- there is no such user, so it fails
- 'validate' returns None, so Zope goes to the next user folder (which
the basic in the root where 'admin' lives)
- that one tries to validate but gets nothing: it looks for HTTP basic
credentials, but finds nothing, since login is form based
Does this sound about right? Anybody have a strategy to get around this?
Enfold Systems, LLC
Zope-PAS mailing list