"Environmental Variable" Authentication Method question..

[Max Kanat-Alexander]

	A lot of the below section would be good for the docs:

On Mon, 2005-08-08 at 16:47 -0400, A. Karl Kornel wrote:
>    There is only one required parameter for this form of authentication:
> auth_env_email.  auth_env_email needs to be set to the name of an
> environment variable that contains the logged-in user's email address. 
> Bugzilla identifies users by email address (also referred to as a login).
> 
>    auth_env_id and auth_env_realname are optional, but useful. 
> auth_env_realname can be set to an environment variable that contains the
> logged-in user's real name, so when a user is logs in for the first time
> their real name is set up properly.  Again, this is optional.
> 
>    auth_env_id is a bit more complicated.  It can be set to an 
> environment variable that contains some unique ID, something besides an email 
> address, which can be used to identify this user.  This unique ID should never
> change.  It is used so that a person can change their e-mail address
> without losing access to their account (since the account is identified 
> by e-mail address).
> 
>    Just to make sure I'm clear, those parameters don't contain the user's
> email/name/ID, the parameters contain the names of environment variables
> that contain the user's email/name/ID.
> 
>    Also, there are a couple of caveats with this.  First, changes to a
> user's email or password must take place outside of Bugzilla, since this
> info is being managed outside of Bugzilla.  Second, you can not log out
> through Bugzilla (Bugzilla didn't log you in, so it can't log you out!). 
> Also, because of a bug that I don't really want to get into, it may be a
> good idea to have users log in before granting access to any Bugzilla
> pages.

-- 
http://www.everythingsolved.com/
Competent, Friendly Bugzilla Services. And Everything Else, too.