It would be good to have these two config. files merged into single
one. Aside better maintainability, there would be benefit of having
secret for auth_tkt authentication plugin automatically generated
as it already happens with beaker.session.secret -- during "make-config"
stage ("paster make-config") that serves to generate final configuration
file from template. This would left luci totally independent on tools
like sed (which still prevents a bit from self-sufficient native Python
Commit http://git.fedorahosted.org/git/?p=luci.git;a=commit;h=cd04ae0682f6955cf00474bc3f43e0ff6141d59d addresses this bug.
Note: this was fixed in the context of work on pkg-update upstream
branch which means the fix ties closely to the major change
brought from this branch into main-line upstream code
in connection with bug #660446
To test that nothing went wrong with this change, only test that logging
into luci works as before (i.e. access granted for correct login/password and
forbidden for incorrect login/password). Additionally, it might be good to
check that repoze.who middleware configuration now present in luci.ini
(/var/lib/luci/etc/luci.ini) is effectively taken into account by this
"modify and see the change in behaviour" sequence:
1. if you were logged into luci previously, first log out properly
2. stop luci service
3. edit /var/lib/luci/etc/luci.ini as shown:
--- listing start ---
# REPOZE.WHO CONFIGURATION
use = repoze.who.plugins.basicauth:make_plugin
--- listing end ---
4. restart the luci
5. open respective address in web browser -- now the way of logging in should
be different ("oldschool" modal HTTP authentication dialog shown on behalf
of the browser rather then the dialog shown on behalf of the starting page
included directly in this page)
Another thing good to check is that "secret" value under
[plugin:auth_tkt] section in "repoze.who" part of configuration
in /var/lib/luci/etc/luci.ini contains some a (pseudo)random value.
Please note that this configuration file is created upon first
"service luci start" so do not expect this file to be there in
advance (this change was introduced with solution of bug #660446).
Additionally, commit http://git.fedorahosted.org/git/?p=luci.git;a=commit;h=ae84a337104049517a82a54b4bd89cc223f9cde3 removed now unneeded who config file.