AUTHENTICATION_BACKENDS = [
"django.contrib.auth.backends.RemoteUserBackend",
]
AUTHENTICATION_BACKENDS += ['django_su.backends.SuBackend', ]
With this setup, Django recognizes me as “foobar” when apache does RequestHeader set REMOTE-USER foobar. (this won’t work with HTTP_REMOTE_USER or REMOTE_USER, not sure why)
But then when I use my “login as another user” functionality, my user is not changed. I stepped through the vscode python debugger and I found that SuBackend is producing the correct user, but then that user is ignored, because the new user’s username does not match REMOTE_USER. exact line of source code in github
I know very little about Django and I don’t want to jump the gun after an hour of debugging. Is SuBackend completely incompatible with RemoteUserBackend / RemoteUserMiddleware, since the resulting user is intended to be different from the previous REMOTE_USER, and will always be ignored?
As a workaround, can I temporarily disable RemoteUserMiddleware when SuBackend is in use? Or can I add a special condition into RemoteUserMiddleware to let it through? I am loath to break down barriers mean to prevent users from becoming each other.
From what I have gathered so far, RemoteUserBackend is somewhat unique among other auth backends in that it also requires you to use its auth middleware. Is that true?