> -----Original Message----- > From: [email protected] [mailto:[email protected]] On > Behalf Of Emmanuel Blot > Sent: Monday, April 06, 2009 10:35 AM > To: [email protected] > Subject: [Trac-dev] Re: making form-based auth the default? > > > > The idea here is to use form based login if auth > > is not provided by apache or whatever server. > > How will you separate both cases: > 1. "I just want the login/logout feature to work" (I don't care > about HTTP authentication stuff) > 2. "I screwed up my Apache installation and HTTP authentication does > not work" > ? > > I'm not sure what's in the box, but whatever the final implementation > I hope there will not be a default form-based authentication that pops > up if Apache-based HTTP authentication has been actually requested. > > This choice could be made at environment creation time, with special > care so that already installed environments do not get form-based > enabled when the upgrade to 0.12 occurs.
It works the same way as acct_mgr does now. When you request /login it checks if REMOTE_USER is set (actually it always does that) and only shows the form if it isn't. If a username is passed in from the server, it is always trusted. --Noah --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Trac Development" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/trac-dev?hl=en -~----------~----~----~----~------~----~------~--~---
