id	summary	reporter	owner	description	type	status	priority	component	severity	resolution	keywords	cc	release
10827	Obscure authentication scheme	techtonik	hasienda	This is a reply to comment:21:ticket:8545:\r\n\r\nThe #10826 is a proof that while implemented solution in #8545 might fix some problems it is still a hack.\r\n\r\nA good fix will require documenting authentication process properly, covering two user stories.\r\n1. How does Trac detects authenticated users internally?\r\n2. How different components authenticate users at the same time?\r\n\r\nThe next step is decouple REMOTE_USER (external auth) from Trac Auth plugins (internal auth) and provide internal auth API that will solve the following problems:\r\n\r\n1. check if user is already authenticated\r\n2. authenticate user\r\n3. audit authentication process\r\n4. skip authentication if 1. is true\r\n	defect	new	normal	AccountManagerPlugin	normal		authentication API	rjollos	0.11