This basically sound like what I intend to implement. Would you mind sharing
> some patches?

I just uploaded my patch to

> There is a remaining problem that I have yet to resolve, and that is
> > authenticating with my certificate from the post-review tool. I'd like
> > to use a password-protected, but Python doesn't make that easy at all; I
> > end up having to enter my password each time python makes a web request.
> > Having post-review is definitely nice, but the web UI doesn't seem as
> > opaque any more :).
> I would probably prefer to continue to use user/password authentication
> with
> post-review as manual setup would be required to get hold of the X.509
> client
> key/cert from post-review whereas the certificate comes pre-installed in
> the
> web browser's secure store for all users. So, I hope your statement about
> the
> usage of multiple authentication backends being tricky does not apply to
> this
> scenario. ;-)

After playing around with my setup this weekend, I got things to work more
smoothly. I had been stumbling over the "SSLVerifyClient require"
configuration directive in my apache conf. After changing the "require" to
"optional" made things work like a charm. I'm able to post reviews using
post-review, authenticate from browsers that don't have my client
certificate imported, and authenticate from browsers with my client
certificate (without typing a password).


You received this message because you are subscribed to the Google Groups 
"reviewboard" group.
To post to this group, send email to
To unsubscribe from this group, send email to
For more options, visit this group at

Reply via email to