I have following scenario:

roundup tracker (0.8.2) running on localhost, apache +
mod_rewrite is proxying the requests and mapping the
tracker to a server's URL namespace. 

Tracker is accessible from the Internet without any
authorization. This works fine. In order to access the
tracker from the Internet, one has to authorize against
apache (and then, the user is allowed to login to
roundup). The access from the Internet worked fine in
previous releases (0.7.X), but 0.8.X contains "support"
for HTTP_AUTHORIZATION (roundup/cgi/client.py:400 ...),
which breaks the things if:

1) webserver passes REMOTE_USER and HTTP_AUTHORIZATION
variables to roundup
2) REMOTE_USER has a password different to his password
in roundup.

Please provide a configuration option, which will
enable/disable HTTP_AUTH. With the current code and my
config, roundup responses with 403 HTTP responsecode.