On Jul 31, 2007, at 6:42 PM, Graham Dumpleton wrote:
> Note that the standard way that Apache authentication modules are > supposed to work is that they set req.user to the authenticated user > id. This is also turned into REMOTE_USER variable in > req.subprocess_env when req.add_common_vars() is called. If > add_common_vars() isn't being called by a mod_python handler you will > thus not have access to REMOTE_USER and would have to use req.user. > > FWIW, you seem to deliberately doing things to break how Apache > normally works. Why can't your other module simply set req.user in the > correct manner to what you want rather than using the request > environment variables. If the module is a C module it is the 'user' > attribute of request_rec structure. If you need whether this is done > to be selectable then add a directive to enable passing full name in > req.user. Do note though that your full names better be unique > otherwise you might have issues in Trac. > > Perhaps provide more explanation of the reasons for wanting to so > this, rather than simply what you want to achieve. It may be the case > that you shouldn't be changing Trac but that the other module should > be changed to do things in a more customisable way inline with how > Apache should be used. Actually our module is setting REMOTE_USER correctly, but to provide backwards compatibility the name being put into that field is missing some important information. Our web authentication system was recently upgraded to support multiple realms of users, for example alumni, pre-admission students, and general community members. To differentiate between users in different realms, the username is concatenated with '@REALM'. So for example my username would be Stephen A. [EMAIL PROTECTED] whereas my old username would have just been Stephen A. Cochran To prevent breaking all the old applications that were already looking at REMOTE_USER and didn't know anything about the realm, I wrote the apache module (written in c) to put the old version in REMOTE_USER, and added a new ENV variable called REMOTE_USER_FULLNAME with the new form. Users can simply use an htaccess directive to limit access to a certain realm to prevent problems with the new realms. That way applications can be upgraded at their own pace. Steve Cochran --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Trac Development" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/trac-dev?hl=en -~----------~----~----~----~------~----~------~--~---
