Todd Wilson wrote:
I just joined the list, and I am following up on a post in the archive (sorry -- there wasn't a way to do this directly, so I don't know if this message will end up in the same thread).


On 10/1/05, Lennart Regebro <regebro at gmail.com> wrote:
On 10/1/05, Milind Khadilkar <zedobject at gmail.com> wrote:
>
>  I have installed Zope 3.1 rc 3. After logging in, I could not find any
> logout button.

There is no way to consistently log out from Basic HTTP authorization...

> Is it OK to directly shut the browser window ( I am using Firefox)?

Yup.

I am writing for clarification on Lennart's answer to Milind's question. In the many screenshots of the ZMI that can be seen in Philip von Weitershausen's book ("Web Component Development with Zope 3", Springer, 2005), one can definitely see "[Logout]" in the upper-right corner of the ZMI page. Like Milind, however, my installation of Zope 3.1.0 does not have this link in its ZMI pages.

Is the absence of "[Logout]" in the latest version(s) because the developers realized that it was misleading (as Lennart is suggesting) and best left off, or is there another reason? Given the sensitive nature of some Zope deployments, the management password seems very well worth protecting. How about using a secure login (e.g., https) and sessions, which is capable of supporting a true logout?

You can try the pluggable auth util (PAU)...

To add one to your site
 Manage Site -> Site Management -> Authentication (Unique Utilites)

Add a Session Credentials Plugin
 Manage Site -> tools -> PluggableAuthentication
 Edit the form to add 'Session Credentials' and submit Change

You'll now get a sessions based login form when you login to that site.

But you'll now need a 'Authenticator Plugin' to get in ... you can add a
Principal Folder Plugin to the PAU, then add principal(s) to it.

To get a [Logout] link you'll need to add the following zcml directive..

  <adapter
      for="zope.publisher.interfaces.browser.IBrowserRequest"
      factory="zope.app.security.LogoutSupported"
      />

As for the https you could use apache as a proxying front end.  I
believe the current dev. version of zope 3.2 uses twisted which may
offer https services, but I know next to nothing about it.

Hey I just realised I missed something, how do you assign roles to
principles using a PrincipleFolder above?


_______________________________________________
Zope3-users mailing list
Zope3-users@zope.org
http://mail.zope.org/mailman/listinfo/zope3-users

Reply via email to