Installation | Topics | Beyond Lino
Authentication¶
Lino defines some configuration settings about authentication.
SITE.user_model¶
If
user_modelis None, there’s no authentication and request.user is always anAnonymousUserinstance.user_modelis set automatically tolino.modlib.users.Userwhenlino.modlib.usersis installed.An alternative (and poorly tested) value for
user_modelcan be'auth.User'whendjango.contrib.authis installed instead oflino.modlib.users.
SITE.remote_user_header¶
The remote_user_header setting is no longer being used. It was used
on sites with HTTP authentication. The idea was that if
remote_user_header contains some value, Lino would be using HTTP
authentication and if is None, your Lino would use Session-based
authentication.
Session-based authentication¶
This means that your application has “Login”, “Logout” and “Register” buttons, and that django.contrib.sessions is added to your INSTALLED_APPS.
There are two variants of session-based authentication:
If
ldap_auth_serveris None, Lino uses the passwords stored in its own database.If
ldap_auth_serveris not None, Lino authenticates against the specified LDAP server.
HTTP authentication¶
HTTP authentication means that Lino delegates the authentication to the web server.
This method suits best when there is already a central user management system (e.g. an LDAP server) running on a site and authentication granted by the web server.
Lino trusts completely the
REMOTE_USER header
(remote_user_header)
of any incoming request.
If there is no user with that username in Lino’s database,
Lino will silently create a User with minimum rights.
There is currently no system (yet) to automatically synchronize Lino’s Users table from the LDAP server or whatever user database used by the web server.
One advantage of this is that Lino does not need any sessions.
See also
book/docs/tickets/31.rst