From bf9fc06072f2dcd5b17aec1fe6a03b046236d360 Mon Sep 17 00:00:00 2001
From: Andrew Dolgov <fox@madoka.volgo-balt.ru>
Date: Mon, 28 Mar 2011 13:03:43 +0400
Subject: only use autologin with SSL certificate when AUTO_LOGIN is enabled,
 otherwise redirect to login form as with remote auth

---
 config.php-dist | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

(limited to 'config.php-dist')

diff --git a/config.php-dist b/config.php-dist
index 26e8a02ff..531ce20b3 100644
--- a/config.php-dist
+++ b/config.php-dist
@@ -133,9 +133,12 @@
 	// used to integrate tt-rss with Apache's external authentication modules.
 
 	define('AUTO_LOGIN', false);
-	// Set this to true if you use ALLOW_REMOTE_USER_AUTH and you want
-	// to skip the login form. If set to true, users won't be able to
-	// set application language and settings profile.
+	// Set this to true if you use ALLOW_REMOTE_USER_AUTH or client SSL
+	// certificate authentication and you want to skip the login form. 
+	// If set to true, users won't be able to set application language 
+	// and settings profile.
+	// Otherwise users will be redirected to login form with their login
+	// information pre-filled.
 
 	define('LOCK_DIRECTORY', 'lock');
 	// Directory for lockfiles, must be writable to the user you run
-- 
cgit v1.2.3