> John Kristensen added the comment:

> On 27/02/15 19:40, Anthony wrote:
>> Greetings.
>>
>> Because  of  facing  the problem with "REMOTE_USER" i can't appreciate
>> evenly how many users face the same.
>>
>> Also i want you to pay attention to another part of patch:
>>
>> 2.c " Make all HTTP-request options available in internal environment as
>> "HTTP_"  prefixed variable, not just few hardcoded" which make benefit
>> of passing options from reverse proxy (may be not in the same system)
>> to roundup internals.

> If it is possible to write a Login action that makes use of HTTP 
> environment variables, then I can see some value in passing these 
> through without being filtered. But are there any other use-cases where
> the environment variables would actually be used? Would these use-cases
> be any different from the existing "is a username set? if so, log them in".

First  of  all,  i explored this few month ago so i can forget
somethings about the issue.

It  is  possible to write a Login action that makes use of HTTP
variables. Unfortunately, there is  a lack of HTTP environment
variables. There are few hardcoded.

> I'm not very familiar with this section of code though, so maybe someone
> else can provide some comment on this.

> Did you have a look at the serverfault link I mentioned in my last 
> response? Was it a workable solution? If it is then I think it would be
> a preferable solution to fix this sort of issue outside of round (and 
> document these sort of solutions) than attempting to solve them within
> roundup.

They  suggest to change REMOTE_USER to other name (proxy-user) before proxying and
on the backend rename it back REMOTE_USER . The problem is that 'backend' is roundup.

As  i  remember  there are a some more problem passing variables. They
prefixed with REDIRECT_.

>>
>> P.S. May be somebody do a review of another patch
>> http://issues.roundup-tracker.org/issue2550871
>>
>> P.P.S. The text above sended via email has returned with folowing error:
>>
>> There were problems handling your subject line argument list:
>> - not of form [arg=value,value,...;arg=value,value,...]
>>

> My guess is because of the "[proposed patch]" in the subject (which may
> now be removed because I have snipped it from my response... wei'll see.

> ----------
> title: New option for web auth [proposed patch] -> New option for web auth

> ________________________________________________
> Roundup tracker <issues@roundup-tracker.org>
> <http://issues.roundup-tracker.org/issue2550837>
> ________________________________________________