use SSL serial to bind certificate to user; implement autologin using SSL certificate; set a separate session cookie for SSL connections (refs #324)

author: Andrew Dolgov <[email protected]> 2011-03-28 08:30:00 +0400
committer: Andrew Dolgov <[email protected]> 2011-03-28 08:30:15 +0400
commit: 3d72afa19a7e8e7f7691086dedba7c5f9631f42f (patch)
tree: 397f1e5936935122f0f023819fef26fbf1613cb4 /config.php-dist
parent: f98252f27cb979f5285b65908b1b24a913b1af81 (diff)
1 files changed, 3 insertions, 7 deletions
diff --git a/config.php-dist b/config.php-dist
index c12e3ebee..26e8a02ff 100644
--- a/config.php-dist
+++ b/config.php-dist
@@ -128,13 +128,9 @@
 	// Limits the amount of feeds daemon (or a cronjob) updates on one run
 
 	define('ALLOW_REMOTE_USER_AUTH', false);
-	// Set to 'true' if you trust your web server's REMOTE_USER or 
-	// REDIRECT_SSL_CLIENT_S_DN_CN environment variables to validate 
-	// that the user is logged in. This option can be used to integrate 
-	// tt-rss with Apache's external authentication modules or SSL
-	// client certificate authentication.
-	// Please note that REMOTE_USER takes precedence over SSL certificate
-	// information.
+	// Set to 'true' if you trust your web server's REMOTE_USER 
+	// environment variable that the user is logged in. This option can be 
+	// used to integrate tt-rss with Apache's external authentication modules.
 
 	define('AUTO_LOGIN', false);
 	// Set this to true if you use ALLOW_REMOTE_USER_AUTH and you want
author	Andrew Dolgov <[email protected]>	2011-03-28 08:30:00 +0400
committer	Andrew Dolgov <[email protected]>	2011-03-28 08:30:15 +0400
commit	3d72afa19a7e8e7f7691086dedba7c5f9631f42f (patch)
tree	397f1e5936935122f0f023819fef26fbf1613cb4 /config.php-dist
parent	f98252f27cb979f5285b65908b1b24a913b1af81 (diff)