From 6b28e957df364532109a1897c73a1fa8b1416bd4 Mon Sep 17 00:00:00 2001 From: Ross Brunton Date: Wed, 25 Feb 2015 18:57:47 +0000 Subject: [PATCH] Fixed #24379 -- Documented that remote user example disables ModelBackend. --- docs/howto/auth-remote-user.txt | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/docs/howto/auth-remote-user.txt b/docs/howto/auth-remote-user.txt index 53ed929511..39454c5f63 100644 --- a/docs/howto/auth-remote-user.txt +++ b/docs/howto/auth-remote-user.txt @@ -50,6 +50,18 @@ With this setup, ``RemoteUserMiddleware`` will detect the username in ``request.META['REMOTE_USER']`` and will authenticate and auto-login that user using the :class:`~django.contrib.auth.backends.RemoteUserBackend`. +Be aware that this particular setup disables authentication with the default +``ModelBackend``. This means that if the ``REMOTE_USER`` value is not set +then the user is unable to log in, even using Django's admin interface. +Adding ``'django.contrib.auth.backends.ModelBackend'`` to the +``AUTHENTICATION_BACKENDS`` list will use ``ModelBackend`` as a fallback +if ``REMOTE_USER`` is absent, which will solve these issues. + +Django's user management, such as the views in ``contrib.admin`` and +the :djadmin:`createsuperuser` management command, doesn't integrate with +remote users. These interfaces work with users stored in the database +regardless of ``AUTHENTICATION_BACKENDS``. + .. note:: Since the ``RemoteUserBackend`` inherits from ``ModelBackend``, you will still have all of the same permissions checking that is implemented in