Mercurial > p > roundup > code
comparison roundup/configuration.py @ 6211:50960479f627
New config-option 'cookie_takes_precedence'
.. in the [web] section. This allows sub-logins (e.g. without a
password given a specific role) even when a non-cookie login mechanism
(like Kerberos) is in use. With that mechanism e.g., a Kerberos ticket
will not take precedence over an existing cookie. This might become the
default in the future and the new option might go away.
| author | Ralf Schlatterbeck <rsc@runtux.com> |
|---|---|
| date | Mon, 29 Jun 2020 15:48:04 +0200 |
| parents | 546763f4ce44 |
| children | 957a0fc20021 |
comparison
equal
deleted
inserted
replaced
| 6210:13f5cbbcd4e6 | 6211:50960479f627 |
|---|---|
| 729 "a list of roles is specified here that are allowed to see\n" | 729 "a list of roles is specified here that are allowed to see\n" |
| 730 "these obsolete properties in the history. By default only the\n" | 730 "these obsolete properties in the history. By default only the\n" |
| 731 "admin role may see these history entries, you can make them\n" | 731 "admin role may see these history entries, you can make them\n" |
| 732 "visible to all users by adding, e.g., the 'User' role here."), | 732 "visible to all users by adding, e.g., the 'User' role here."), |
| 733 (Option, "error_messages_to", "user", | 733 (Option, "error_messages_to", "user", |
| 734 # XXX This description needs better wording, | 734 'Send error message emails to the "dispatcher", "user", ' |
| 735 # with explicit allowed values list. | 735 'or "both" (these are the allowed values)?\n' |
| 736 "Send error message emails to the dispatcher, user, or both?\n" | 736 'The dispatcher is configured using the DISPATCHER_EMAIL' |
| 737 "The dispatcher is configured using the DISPATCHER_EMAIL" | 737 ' setting.'), |
| 738 " setting."), | |
| 739 (Option, "html_version", "html4", | 738 (Option, "html_version", "html4", |
| 740 "HTML version to generate. The templates are html4 by default.\n" | 739 "HTML version to generate. The templates are html4 by default.\n" |
| 741 "If you wish to make them xhtml, then you'll need to change this\n" | 740 "If you wish to make them xhtml, then you'll need to change this\n" |
| 742 "var to 'xhtml' too so all auto-generated HTML is compliant.\n" | 741 "var to 'xhtml' too so all auto-generated HTML is compliant.\n" |
| 743 "Allowed values: html4, xhtml"), | 742 "Allowed values: html4, xhtml"), |
| 839 "to be lowercase (including the realm) and still follow the\n" | 838 "to be lowercase (including the realm) and still follow the\n" |
| 840 "Kerberos convention of using an uppercase realm. In\n" | 839 "Kerberos convention of using an uppercase realm. In\n" |
| 841 "addition this is compatible with Active Directory which\n" | 840 "addition this is compatible with Active Directory which\n" |
| 842 "stores the username with realm as UserPrincipalName in\n" | 841 "stores the username with realm as UserPrincipalName in\n" |
| 843 "lowercase."), | 842 "lowercase."), |
| 843 (BooleanOption, 'cookie_takes_precedence', "no", | |
| 844 "If the http_auth option is in effect (see above)\n" | |
| 845 "we're accepting a REMOTE_USER variable resulting from\n" | |
| 846 "an authentication mechanism implemented in the web-server,\n" | |
| 847 "e.g., Kerberos login or similar. To override the mechanism\n" | |
| 848 "provided by the web-server (e.g. for enabling sub-login as\n" | |
| 849 "another user) we tell roundup that the cookie takes\n" | |
| 850 "precedence over a REMOTE_USER or HTTP_AUTHORIZATION\n" | |
| 851 "variable. So if both, a cookie and a REMOTE_USER is\n" | |
| 852 "present, the cookie wins.\n"), | |
| 844 (IntegerNumberGeqZeroOption, 'login_attempts_min', "3", | 853 (IntegerNumberGeqZeroOption, 'login_attempts_min', "3", |
| 845 "Limit login attempts per user per minute to this number.\n" | 854 "Limit login attempts per user per minute to this number.\n" |
| 846 "By default the 4th login attempt in a minute will notify\n" | 855 "By default the 4th login attempt in a minute will notify\n" |
| 847 "the user that they need to wait 20 seconds before trying to\n" | 856 "the user that they need to wait 20 seconds before trying to\n" |
| 848 "log in again. This limits password guessing attacks and\n" | 857 "log in again. This limits password guessing attacks and\n" |