Koen
I've been slow in assembling the the pieces of a setup here at work
(Windows domain) using Windows + Apache 2.2 + mod_auth_sspi +
mod_wsgi + Django trunk) to test this patch as I promised on #django
during the sprint (I'm cramm on Freenode) but I hope to be able
to post some feedback RSN.
Also I've made some updates/fixes to the docs/auth_remote_user.txt
file added by Koen's patch and will be attaching an updated one
to the ticket.
There is an additional design level detail regarding the interface implemented
by Koen's last iteration of the patch and that's the reason I'm sending this
message to the list:
It is related to how an authentication backend implementing such and
interface would be affected by the changes implemented on [1]r6375
("Fixed #5457 - the auth system now delegates permission checking to
auth backend(s). As an added bonus, the auth backends now have some
unit tests! Thanks, Florian Apolloner."). In other words, should
RemoteUserAuthBackend:
a) simply inherit the four new authorization methods::
get_group_permissions(self, user_obj)
get_all_permissions(self, user_obj)
has_perm(self, user_obj, perm)
has_module_perms(self, user_obj, app_label)
from the ModelBackend class deferring to it's custom authenticator
subclasses the decision to break reliance on the django.contrib.auth app
('auth_permission' and 'auth_group_permissions' tables)?
b) Or should it implement empty versions of these methods
imposing it's subclasses a decoupling from the auth app?.
c) Another possibility I didn't take in account?
What do you guys think?.
Regards,
--
Ramiro Morales