Posted Apr 16, 2009
WebServerAuth 1.2 makes login_form do the right thing
No longer can the “Log in to add comments” button present a misleading login form.
The faulty button mocks me, safe beneath a horizontal rule.
For those not familiar with it, WebServerAuth is a product that lets Plone delegate authentication concerns to the web server: handy for Kerberos and such. One of our partners noticed a Plone behavior the other day that sort of circumvents it: no matter what you do to the login action in portal_actions, the "Log in to add comments" button still points to login_form. Today’s release of WebServerAuth works around this by overriding login_form to make it throw a redirect to wherever you've configured. Fixing this in Plone itself is also on my long list.
The 1.2 release of WebServerAuth also brings support for deeper-than-portal-level acl_users folders, in case you're crazy enough to make them. And it maintains the pure-Zope compatibility of the previous release, so it works great with Zenoss.
