> Why bother separating them? We can document the fact that if you see > form based auth and your intention was to use apache auth, then you have > one of two cases: a) you didn't setup apache auth b) you apache auth is > screwed up. > > I don't see the benefit in try to distinguish between them.
Because if you mess up the Apache configuration *once* Trac is installed - thinking about adding a new project, upgrading Apache, etc. - you'd fall back to an unexpected behaviour. When it comes to authentication and security, I really do not like the software to guess what's the "best way" to go. Please add an option, at least, to always disable the fallback to the form-based authentication. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Trac Development" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/trac-dev?hl=en -~----------~----~----~----~------~----~------~--~---
