On Aug 1, 11:39 am, "Stephen A. Cochran Lists" <[EMAIL PROTECTED]> wrote: > On Jul 31, 2007, at 6:42 PM, Graham Dumpleton wrote: > > > > > Note that the standard way that Apache authentication modules are > > supposed to work is that they set req.user to the authenticated user > > id. This is also turned into REMOTE_USER variable in > > req.subprocess_env when req.add_common_vars() is called. If > > add_common_vars() isn't being called by a mod_python handler you will > > thus not have access to REMOTE_USER and would have to use req.user. > > > FWIW, you seem to deliberately doing things to break how Apache > > normally works. Why can't your other module simply set req.user in the > > correct manner to what you want rather than using the request > > environment variables. If the module is a C module it is the 'user' > > attribute of request_rec structure. If you need whether this is done > > to be selectable then add a directive to enable passing full name in > > req.user. Do note though that your full names better be unique > > otherwise you might have issues in Trac. > > > Perhaps provide more explanation of the reasons for wanting to so > > this, rather than simply what you want to achieve. It may be the case > > that you shouldn't be changing Trac but that the other module should > > be changed to do things in a more customisable way inline with how > > Apache should be used. > > Actually our module is setting REMOTE_USER correctly, but to provide > backwards compatibility the name being put into that field is missing > some important information. Our web authentication system was > recently upgraded to support multiple realms of users, for example > alumni, pre-admission students, and general community members. > > To differentiate between users in different realms, the username is > concatenated with '@REALM'. So for example my username would be > > Stephen A. [EMAIL PROTECTED] > > whereas my old username would have just been > > Stephen A. Cochran > > To prevent breaking all the old applications that were already > looking at REMOTE_USER and didn't know anything about the realm, I > wrote the apache module (written in c) to put the old version in > REMOTE_USER, and added a new ENV variable called REMOTE_USER_FULLNAME > with the new form.
As I mentioned briefly in my comments, would you be able to implement a directive for your module which can be set to enable/disable req.user being set to the full name with realm. Presuming that Trac user database has full name with realm in it, you could then say: <Location /trac> StuffFullNameInUser On </Location> Ie., turn on passing of full name just for URL Trac is under. This will allow you to selectively pass through the extra information to applications as user databases are updated. Not sure I have got this round the right way, so I hope you understand what I am talking about. Or am I missing something. Graham --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Trac Development" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/trac-dev?hl=en -~----------~----~----~----~------~----~------~--~---
