Thilo-Alexander Ginkel wrote:
> On Thu, Aug 20, 2009 at 23:37, Christian Hammond<> wrote:
>> Good question. I don't know that anyone's tested that or worked on it. I
>> imagine it doesn't work right today, but could be done. You'd probably have
>> to deal with two password prompts.
> Shouldn't it be possible to implement this with a similar
> authentication middleware that Nathan H. proposed for the X.509
> authentication (see [1])? The env variable will be a different one and
> you will probably also need your own auth backend, but the basic
> concept should remain the same.
In my work, I chose to allow the X.509 auth backend as well as the 
standard auth. Users can change their password when authenticated with 
X.509, and then since post-review isn't able to use X.509, it will use 
the standard authentication backend. After implementing the X.509 
authentication stuff, I've been wondering if it might have been better 
to do it the REMOTE_AUTH way. That would allow for the ugly regular 
expression in the UI to be dropped. It may be useful to merge the 
changes we made to the templates in Issue 513 and review 938. That would 
probably be the simplest solution to getting a usable solution in which 
you can rely on corporate Single Sign On and still keep the post-review 
tool useful without needing to add potentially proprietary code to 


You received this message because you are subscribed to the Google Groups 
"reviewboard" group.
To post to this group, send email to
To unsubscribe from this group, send email to
For more options, visit this group at

Reply via email to