Issue 1396134
Created on 2006-01-03 17:08 by dlinke, last changed 2006-01-09 22:52 by dlinke.
|
| File name |
Uploaded |
Description |
Edit |
Remove |
|
client.py.patch
|
dlinke,
2006-01-03 17:08
|
patch to client.py |
|
|
|
| msg2089 |
Author: [hidden] (dlinke) |
Date: 2006-01-03 17:08 |
|
In a setup where Apache handles authentication (here
sspi-auth) the user supplied by Apache is overriden by
the user identified from the cookie. This is especially
bad if it is the cookie of an administrator since the
user gets the admin-rights...
client.py had to be changed (see patch).
Regards,
David
|
| msg2090 |
Author: [hidden] (dlinke) |
Date: 2006-01-07 12:48 |
|
Logged In: YES
user_id=734219
Another related problem with external authentication handled
by apache
http://article.gmane.org/gmane.comp.bug-tracking.roundup.user/6239
in short: basic auth handled by apache still looks up pwd in
roundup user db
|
| msg2091 |
Author: [hidden] (a1s) |
Date: 2006-01-09 09:19 |
|
Logged In: YES
user_id=8719
slightly different implementation is checked in.
i didnt't test http authorization (no apache here), so it
would be nice if you could do a cvs checkout and see if it
works for you.
|
| msg2092 |
Author: [hidden] (dlinke) |
Date: 2006-01-09 22:52 |
|
Logged In: YES
user_id=734219
A test with the CVS version from half an hour ago showed no
problems. I tested both cases http-auth by apache and by
roundup.
|
|
| Date |
User |
Action |
Args |
| 2006-01-03 17:08:43 | dlinke | create | |
|