On Fri, Jul 31, 2009 at 13:27, rupert.thurner<rupert.thur...@gmail.com> wrote: > just as a side note, edgewall trac supports it by just taking the > webservers authentication, see: > * http://trac.edgewall.org/browser/trunk/trac/web/auth.py. > * > http://trac-hacks.org/browser/sslauthenticationplugin/0.11/sslauthentication/__init__.py > * http://trac-hacks.org/wiki/SslAuthenticationPlugin
Thanks for the pointer. I agree, using the Apache mod_ssl client authentication feature to do the dirty work definitely makes sense (and this is already working for me). I am however still somewhat lost with regards to the authentication backend implementation. While I could theoretically implement a backend, which just evaluates the environment variables set by mod_ssl (and ignores the password supplied to the 'authenticate' method), this would probably still require the user to click on the "Login" hyperlink in the RB web UI. What I would prefer is some implementation, which is mostly transparent and automagically signs in the user when he performs the first page hit. Do you think that's technically feasible with the current authentication architecture (or would it require a major rewrite)? Regards, Thilo --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "reviewboard" group. To post to this group, send email to reviewboard@googlegroups.com To unsubscribe from this group, send email to reviewboard+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/reviewboard?hl=en -~----------~----~----~----~------~----~------~--~---