[Zope-CMF] Login oddities
Thu, 20 Feb 2003 21:44:55 +0100
Greg Ward wrote at 2003-2-20 10:46 -0500:
> On 20 February 2003, To email@example.com said:
> > ...so I'm still trying to create a "members-only" CMF site, and not
> > having much luck. Here's the latest problem: if I create a user with
> > role "Manager" or "Member", I can login with that user ID -- but if that
> > user is an "Owner" or "Reviewer", no dice.
> Update: this problem doesn't appear to have anything to do with the
> "members-only" site: I created yet another brand-new CMF site, and
> didn't touch any privileges or the login form this time. Added a user
> for each role: man (Manager), member (Member), owner (Owner) and rev
> (Reviewer), as well as 'luser' with no roles.
> 'man' and 'member' can login just fine. 'owner', 'rev', and 'luser'
> cannot login at all. Nothing is logged, and there's no information on
> the regenerated login form.
> So what's going on here? Does user authentication even work in CMF 1.3?
I do not know, but I can tell you how to find out:
* Install Shanes "VerboseSecurity" product (and follow its installation
* Disable cookie logins (by clearing the "login form" field in
CookieCrumbler). This forces basic HTTP authentication.
* Refuse to relogin when your browser pops up the login dialog.
"VerboseSecurity" should tell you on the resulting page
precisely what you tries and why it has not been successful.