Someone worked on patches long ago for this but they were never completed.
They're a bit outdated now given changes in Review Board.
I don't know how your code works, but I believe Django has support for HTTP
Auth now (django.contrib.auth.backends.RemoteUserAuthBackend). It actually
doesn't completely do what we need. It'll automatically create User objects
for any new attempt at login, which is probably bad. What I'd do is subclass
this in our own backends.py file and set create_unknown_user to False. I'd
also create a new variable we can use to hide the Log In link (maybe
"hide_login_page" or something) and check that in the base.html template.
This backend must be used in conjunction with
django.contrib.auth.middleware.RemoteUserMiddleware. However, the middleware
assumes that we're absolutely using RemoteUserAuthBackend, which we won't
always be, so you'd also have to subclass that, override process_request,
and only call the parent method if the HTTP auth backend is used. That
middleware would need to be placed in the middleware list in
You'd then need to update Review Board to know about it
(reviewboard/admin/siteconfig.py and forms.py, I believe).
Hope that helps.
Christian Hammond - chip...@chipx86.com
Review Board - http://www.reviewboard.org
VMware, Inc. - http://www.vmware.com
On Tue, Jun 8, 2010 at 10:27 AM, tuckermi <tucke...@gmail.com> wrote:
> I am trying to configure ReviewBoard (I'm using 1.5b2) to trust the
> REMOTE_USER environment variable that is set by apache when I use
> basic HTTP authentication. Has anyone had luck doing something like
> this who can steer me in the right direction? I have tried writing my
> own backend, which seems like it is probably not the best approach,
> but am running into some issues. Specifically, I am still prompted to
> login with the ReviewBoard login page after I authenticate through the
> HTTP Auth popup.
> I would definitely prefer to use existing tools if they exist -- I
> looked through the documentation and didn't see any mention of HTTP
> basic auth as an authentication backend. Is there something in Django
> that I should look at? Any suggestions would be appreciated.
> Want to help the Review Board project? Donate today at
> Happy user? Let us know at http://www.reviewboard.org/users/
> To unsubscribe from this group, send email to
> For more options, visit this group at
Want to help the Review Board project? Donate today at
Happy user? Let us know at http://www.reviewboard.org/users/
To unsubscribe from this group, send email to
For more options, visit this group at