Updated documentation, PREAUTHONLY is obsolete (always True), no chai…

…ning for PREAUTHHEADER #55
proycon · Oct 25, 2017 · 117e809 · 117e809
1 parent ffb61a4
commit 117e809
Show file tree

Hide file tree

Showing 3 changed files with 7 additions and 8 deletions.
diff --git a/clam/clamservice.py b/clam/clamservice.py
@@ -2401,6 +2401,9 @@ def __init__(self, mode = 'debug'):
         if settings.OAUTH:
             if not settings.ASSUMESSL: warning("*** Oauth Authentication is enabled. THIS IS NOT SECURE WITHOUT SSL! ***")
             self.auth = clam.common.auth.OAuth2(settings.OAUTH_CLIENT_ID, settings.OAUTH_ENCRYPTIONSECRET, settings.OAUTH_AUTH_URL, getrooturl() + '/login/', settings.OAUTH_AUTH_FUNCTION, settings.OAUTH_USERNAME_FUNCTION, printdebug=printdebug,scope=settings.OAUTH_SCOPE)
+        elif settings.PREAUTHHEADER:
+            warning("*** Forwarded Authentication is enabled. THIS IS NOT SECURE WITHOUT A PROPERLY CONFIGURED AUTHENTICATION PROVIDER! ***")
+            self.auth = clam.common.auth.ForwardedAuth(settings.PREAUTHHEADER, debug=printdebug) #pylint: disable=redefined-variable-type
         elif settings.USERS:
             digest_auth = clam.common.auth.HTTPDigestAuth(settings.SESSIONDIR,get_password=userdb_lookup_dict, realm=settings.REALM,debug=printdebug) #pylint: disable=redefined-variable-type
             if settings.BASICAUTH:
@@ -2416,9 +2419,6 @@ def __init__(self, mode = 'debug'):
                 if not settings.ASSUMESSL: warning("*** HTTP Basic Authentication is enabled. THIS IS NOT SECURE WITHOUT SSL! ***")
             else:
                 self.auth = digest_auth
-        elif settings.PREAUTHHEADER:
-            warning("*** Forwarded Authentication is enabled. THIS IS NOT SECURE WITHOUT A PROPERLY CONFIGURED AUTHENTICATION PROVIDER! ***")
-            self.auth = clam.common.auth.ForwardedAuth(settings.PREAUTHHEADER, debug=printdebug) #pylint: disable=redefined-variable-type
         else:
             warning("*** NO AUTHENTICATION ENABLED!!! This is strongly discouraged in production environments! ***")
             self.auth = clam.common.auth.NoAuth() #pylint: disable=redefined-variable-type

diff --git a/docs/clam_manual.pdf b/docs/clam_manual.pdf
diff --git a/docs/clam_manual.tex b/docs/clam_manual.tex
@@ -38,12 +38,12 @@
 
 \HRule \\[0.5cm]
 { \Large \bfseries CLAM: Computational Linguistics Application Mediator}\\[0.5cm] % Title of your document
-{\bf \small version 2.2$+$ - revision 1.7} \\[0.5cm]
+{\bf \small version 2.2$+$ - revision 1.8} \\[0.5cm]
 { \Large \bfseries Documentation}\\[0.5cm]
 {\large \emph{Maarten van Gompel}}\\[0.5cm]
 \HRule \\[1.0cm]
 
-\emph{November 11th, 2014 (date published) - March 10th, 2017 (last revision)} \\[0.5cm]
+\emph{November 11th, 2014 (date published) - October 25th, 2017 (last revision)} \\[0.5cm]
 \includegraphics[width=20.0mm]{ru-beeldmerk-zwart.eps}
 \end{center}
 
@@ -960,9 +960,8 @@ \subsubsection{External forwarded authentication schemes}
 \emph{prior} to passing control to CLAM. An example of such a system is
 Shibboleth \footnote{http://shibboleth.net}.  Multiple headers may be specified
 in \texttt{PREAUTHHEADER}, using space as delimiter, effectively creating a
-fallback chain. When \texttt{PREAUTHONLY} is set to \texttt{False} (default),
-the ultimate fallback will be CLAM's built-in user system, unless this is set
-to \texttt{None}.
+fallback chain. If the header is not passed (which should never happen with properly
+configured middleware), a HTTP 401 reply will be returned.
 
 When such a forwarded authentication scheme is used, proper care has to be
 taken, by the middle layer, to ensure that the HTTP headers cannot be forged by