# HG changeset patch # User paulb # Date 1095613963 0 # Node ID 2f11271cbe1cd43d9ce1f93f2ba7b37defc65c36 # Parent 772c97dd235244291de4fcb0070660b05ce0f5fb [project @ 2004-09-19 17:12:43 by paulb] Added notes about Zope and authenticators. diff -r 772c97dd2352 -r 2f11271cbe1c docs/Zope/NOTES.txt --- a/docs/Zope/NOTES.txt Sun Sep 19 17:12:37 2004 +0000 +++ b/docs/Zope/NOTES.txt Sun Sep 19 17:12:43 2004 +0000 @@ -21,3 +21,27 @@ URL; for example: http://localhost:8080/test + +-------- + +Authentication/authorisation in Zope: + +Like mod_python (and Apache), Zope prevents application-level control over +HTTP Basic authentication. However, the authenticator approach can still be +used to control access to resources. When the Auth example is deployed in a +normal "public" folder in a Zope instance, it is possible to merely supply the +desired username and any password to satisfy the elementary security check. +However, should the Auth example be deployed in a folder with its own access +controls, then all access to the application must first go through the Zope +security checks (which entail the proper authentication of the user through +the validation of the user's password) before being validated by the +elementary security check performed in the AuthAuthenticator class. + +To set up such a protected folder, do the following in the Zope management +interface: + + * Choose "Folder" in the menu of objects to add. + * Choose an "Id" and "Title", and to "Create user folder", then "Add". + * Choose the new folder. + * Add appropriate users to the "acl_users" folder inside the new folder. + * Add WebStack resources to the new folder.
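Review bot: The first added paragraph says that in a normal "public" folder it is enough to supply the desired username and any password, so the Auth example verifies no password there, yet the text mentions this in passing rather than flagging it as a limitation. Suggest stating it outright, for example "In a public folder the password is not verified, so the elementary check identifies the user but does not authenticate them", so that a reader does not deploy the example in an unprotected folder and assume it is access-controlled. In the setup steps, the bullet `Choose an "Id" and "Title", and to "Create user folder", then "Add"` appears to be missing a verb (perhaps "and select"). The list also has no step that restricts anonymous access to the new folder; if adding users to "acl_users" is not sufficient on its own, the note should name the setting that has to be changed.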