<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
<title></title>
</head>
<body bgcolor="#ffffff" text="#000000">
Hi Dustin,<br>
<br>
I'll try quickly to reply here - good timing... I'm here in Atlanta for
3 days of a Plone conference - if I stumble on any additional info I'll
follow up with you as well.<br>
<br>
<blockquote type="cite">
<pre wrap=""> one is that it isn't working through apache yet, but
I haven't tried that and I suppose at worst I can ignore that for now.</pre>
</blockquote>
This will be doable - many folks run Zope (Plone) behind Apache. I had
an earlier version working thru Apache, but didnt set it up myself.
I'll be setting up our site to use Mod rewrite rules to do this - also
will put the site behind Apache SSL ( Plone/zope send password info in
the clear) There are a couple Howto's I've seen up on the Plone/Zope
sites<br>
<br>
<br>
<blockquote type="cite">
<pre wrap="">any connection to the Zope port is automagically
logged in as my admin user</pre>
</blockquote>
This is not right, for sure. One thing I've noticed is that even
though you use the 'log out' button, unless you exit your browser
(Firefox for me), you'll continue to remain connected at the next
login. <br>
<br>
As far as security - the default setup allows anonymous visitors to the
site 'join' (which is what you want I think). Also by default you
should NOT be able to do any posting until you 'join' the site. As far
as automagically bumping up a new users permissions to ADMIN - you
probably can do that with the (rather complex) permissions setups - but
I doubt its a good idea. I'd suggest letting the new user add content
but still require a 'reviewer' (either the ADMIN account, or another
user's account who has reviewer rights) accept the content and publish
it.<br>
<br>
One thing - not sure what versions of the components Apt installed, but
lots of folks have suggested to me to install manually. And this info
from the Plone site indicates the required versions to get things
working properly:<br>
<br>
<blockquote type="cite">
<ul>
<li>Plone 2.0.5 requires Python 2.3.4 or later (not the
recently-released 2.4), Zope 2.6 or 2.7 (not the unreleased 2.8), CMF
1.4.7 (not 1.5), and GRUF 2.0.1 (not 3). If you deviate from these
recommendations you are on your own.</li>
<li>We still ship Archetypes 1.2.5-rc5 because updating AT in a
minor release is not appropriate. You may want to be extra careful when
upgrading not to overwrite newer versions of AT. We recommend to
download latest 1.3 release of Archetypes if you do product development.</li>
</ul>
</blockquote>
<br>
The Los Angeles Zope user group meets monthly - and you can also post
questions to our site: <a class="moz-txt-link-abbreviated" href="http://www.LAZUG.org">www.LAZUG.org</a><br>
<br>
And of course I'd suggest using this list:<br>
<br>
Plone-users mailing list
<br>
<a class="moz-txt-link-abbreviated"
href="mailto:Plone-users@lists.sourceforge.net">Plone-users@lists.sourceforge.net</a>
<br>
<a class="moz-txt-link-freetext"
href="https://lists.sourceforge.net/lists/listinfo/plone-users">https://lists.sourceforge.net/lists/listinfo/plone-users</a>
<br>
<br>
Take care<br>
<br>
Rich Pinder<br>
<br>
<br>
<br>
Dustin wrote:
<blockquote
cite="midPine.LNX.4.44.0507191736500.9262-100000@alice.wonderland.caltech.edu"
type="cite">
<pre wrap="">OK, I experimented with Plone a bit, and it's not as bad to install as I
thought (he said dishonestly, having let apt-get do all the work). I'm
going to have to leave it for a bit, but since we have Zope/Plone types on
this list I wanted something cleared up if there is an easy answer.
I have it as far as getting Zope running, adding the Plone component, and
creating a Plone instance, so it looks like there is a website stub there.
Two things bother me: one is that it isn't working through apache yet, but
I haven't tried that and I suppose at worst I can ignore that for now.
More worrisome, though, is the fact that though I recall being prompted
for a password it seems any connection to the Zope port is automagically
logged in as my admin user. I suspect there is some configuration thing I
missed, but for those of you who have used Zope/Plone, what is the
security model supposed to be? I don't dare open up the Zope port or let
apache pass requests through until I am confident that user accounts are
working.
Basically, I regard the test as a failure if I can't have it set up to
allow anyone to create an account with user privileges and me to bump them
up to administrator. It's fine for now if I have to activate new accounts
by hand, but not if I create them from scratch (too much of a
psychological barrier). Having the server email me when new accounts are
created would be nice, but not necessary.
Anyway, I still have to try to read up on this, but if there is a simple
answer that would tell me what I'm looking for, I'd appreciate it.
Dustin
</pre>
</blockquote>
</body>
</html>