Mercurial Repository: p/roundup/code: roundup/configuration.py comparison

Add config option 'http_auth_convert_realm_to_lowercase'

author	Ralf Schlatterbeck <rsc@runtux.com>
date	Mon, 13 Jan 2020 09:36:40 +0100
parents	55f5060e0508
children	c177e7128dc9

comparison

equal deleted inserted replaced

-:302eceff0c49
+:380dec305c28
 "Whether to use HTTP Basic Authentication, if present.\n"
 "Roundup will use either the REMOTE_USER or HTTP_AUTHORIZATION\n"
 "variables supplied by your web server (in that order).\n"
 "Set this option to 'no' if you do not wish to use HTTP Basic\n"
 "Authentication in your web interface."),
+(BooleanOption, 'http_auth_convert_realm_to_lowercase', "no",
+"If usernames consist of a name and a domain/realm part of\n"
+"the form user@realm and we're using REMOTE_USER for\n"
+"authentication (e.g. via Kerberos), convert the realm part\n"
+"of the incoming REMOTE_USER to lowercase before matching\n"
+"against the roundup username. This allows roundup usernames\n"
+"to be lowercase (including the realm) and still follow the\n"
+"Kerberos convention of using an uppercase realm. In\n"
+"addition this is compatible with Active Directory which\n"
+"stores the username with realm as UserPrincipalName in\n"
+"lowercase."),
 (IntegerNumberGeqZeroOption, 'login_attempts_min', "3",
 "Limit login attempts per user per minute to this number.\n"
 "By default the 4th login attempt in a minute will notify\n"
 "the user that they need to wait 20 seconds before trying to\n"
 "log in again. This limits password guessing attacks and\n"

Mercurial > p > roundup > code