[jonah] Authentication continued....

[Chuck Hagenbuch]

Quoting Bill Edgington <horde@0x20.com>:

> Shouldn't it check getauth() first to see if an admin is logged in, and
> then force HTTP authentication if the getauth() check fails?

I have it set to strictly obey only the type of auth you've configured in 
conf.php; I suppose I could be convinced to honor Horde auth as well.

> Another thing - I think backend.php should allow access from any IP if
> ['conf']['ips'] is unset...

I'd rather be paranoid with respect to this.

> If you want, I can submit a patch.

Patches would be great.

-chuck

--
Charles Hagenbuch, <chuck@horde.org>
"What was and what may be, lie, like children whose faces we cannot see, in 
the arms of silence. All we ever have is here, now." - Ursula K. Le Guin