This basically sound like what I intend to implement. Would you mind sharing
> some patches?
I just uploaded my patch to http://reviews.review-board.org/r/938/.
> There is a remaining problem that I have yet to resolve, and that is
> > authenticating with my certificate from the post-review tool. I'd like
> > to use a password-protected, but Python doesn't make that easy at all; I
> > end up having to enter my password each time python makes a web request.
> > Having post-review is definitely nice, but the web UI doesn't seem as
> > opaque any more :).
> I would probably prefer to continue to use user/password authentication
> post-review as manual setup would be required to get hold of the X.509
> key/cert from post-review whereas the certificate comes pre-installed in
> web browser's secure store for all users. So, I hope your statement about
> usage of multiple authentication backends being tricky does not apply to
> scenario. ;-)
After playing around with my setup this weekend, I got things to work more
smoothly. I had been stumbling over the "SSLVerifyClient require"
configuration directive in my apache conf. After changing the "require" to
"optional" made things work like a charm. I'm able to post reviews using
post-review, authenticate from browsers that don't have my client
certificate imported, and authenticate from browsers with my client
certificate (without typing a password).
You received this message because you are subscribed to the Google Groups
To post to this group, send email to firstname.lastname@example.org
To unsubscribe from this group, send email to
For more options, visit this group at