On Mon, Nov 14, 2005 at 12:54:50PM +0100, Dario Lopez-Kästen wrote:
| Sidnei da Silva wrote:
| >On Mon, Nov 14, 2005 at 11:12:31AM +0800, Tom Hallam wrote:
| >| I infer from the above that the replacement of both user folders is a 
| >| design decision.  The implication of this is that if you have multiple 
| >| sites on the same Zope install all instances have to be PAS regardless 
| >| of what your actual authentication needs are :-( .  I should be able to 
| >| keep a simple acl_users folder in the zope root if I'm happy with 
| >| limitations given above.  The install program should not force this.
| >
| >Not sure what to say. Your requirement is weird to say the
| >least. We've decided for the path of less confusion.
| >
| >99% of the Plone (or 'CookieCrumbler', as this affects any user of
| >cookie-based authentication) users would expect to be able to log in
| >with a user from a user folder in the root, which *is*
| >backwards-compatible behavior. What you want is not
| >backwards-compatible behaviour IMHO, so my opinion is that you will
| >have to fix that yourself if you want that policy to be supported.
| >
| err... that requirement is not at all wierd, and I am not sure that you 
| are talking about different things...
| Does this mean, that in any Zope ZODB where I have such a Plone 
| instance, the Plone instance imposes it's acl_users on the ROOT of the 
| Zope install?

No, PlonePAS migrates the acl_users on the 'first found above' to be a
compatible PAS acl_users setup, with existing users migrated, only if
it's a standard 'User Folder'.

| Or is it that if I use PAS, *all* user folders at any 
| level in the ZODB have to be PAS in that particular ZODB, regardless of 
| at which level I use a PAS acl_users?

No, that's not the case.

Sidnei da Silva
Enfold Systems, LLC.
Zope-PAS mailing list

Reply via email to