[Zope-CMF] Login oddities

Dieter Maurer dieter@handshake.de
Thu, 20 Feb 2003 21:44:55 +0100

Greg Ward wrote at 2003-2-20 10:46 -0500:
 > On 20 February 2003, To zope-cmf@zope.org said:
 > > ...so I'm still trying to create a "members-only" CMF site, and not
 > > having much luck.  Here's the latest problem: if I create a user with
 > > role "Manager" or "Member", I can login with that user ID -- but if that
 > > user is an "Owner" or "Reviewer", no dice.
 > Update: this problem doesn't appear to have anything to do with the
 > "members-only" site: I created yet another brand-new CMF site, and
 > didn't touch any privileges or the login form this time.  Added a user
 > for each role: man (Manager), member (Member), owner (Owner) and rev
 > (Reviewer), as well as 'luser' with no roles.
 > 'man' and 'member' can login just fine.  'owner', 'rev', and 'luser'
 > cannot login at all.  Nothing is logged, and there's no information on
 > the regenerated login form.
 > So what's going on here?  Does user authentication even work in CMF 1.3?

I do not know, but I can tell you how to find out:

  *  Install Shane's "VerboseSecurity" product (and follow its installation

  *  Disable cookie logins (by clearing the "login form" field in
     CookieCrumbler). This forces basic HTTP authentication.

  *  Refuse to relogin when your browser pops up the login dialog.

     "VerboseSecurity" should tell you on the resulting page
     precisely what you tried and why it has not been successful.