Thanks, Cathy. That was part of it - I allowed permissions to be inherited and blocked inheritance at the package level and that seemed to work ok. I'm running into similar infinite loop problems, however, if I try to prevent the public from viewing the first page. For example, if I throw an ad_maybe_redirect_for_registration in the index page, I get the same loop. Ditto for the following:
if {[ad_conn user_id] == 0} {
ad_returnredirect "/register/"
}
Also tried "/intranet/register/index" (/intranet being the subsite node) and others for the redirect argument. The redirect to /register/ works fine from the applications but not from the home page. Why would that be?