On Fri, Jul 31, 2009 at 13:27, rupert.thurner<rupert.thur...@gmail.com> wrote:
> just as a side note, edgewall trac supports it by just taking the
> webservers authentication, see:
>  * http://trac.edgewall.org/browser/trunk/trac/web/auth.py.
>  * 
> http://trac-hacks.org/browser/sslauthenticationplugin/0.11/sslauthentication/__init__.py
>  * http://trac-hacks.org/wiki/SslAuthenticationPlugin

Thanks for the pointer. I agree, using the Apache mod_ssl client
authentication feature to do the dirty work definitely makes sense
(and this is already working for me). I am however still somewhat lost
with regards to the authentication backend implementation. While I
could theoretically implement a backend, which just evaluates the
environment variables set by mod_ssl (and ignores the password
supplied to the 'authenticate' method), this would probably still
require the user to click on the "Login" hyperlink in the RB web UI.
What I would prefer is some implementation, which is mostly
transparent and automagically signs in the user when he performs the
first page hit.

Do you think that's technically feasible with the current
authentication architecture (or would it require a major rewrite)?


You received this message because you are subscribed to the Google Groups 
"reviewboard" group.
To post to this group, send email to reviewboard@googlegroups.com
To unsubscribe from this group, send email to 
For more options, visit this group at 

Reply via email to