The JSON API that got introduced with RB 1.5 does not recognize when we are using RemoteUserMiddleware in Django.  The djblets webapi authentication understands that we're using the RemoteUserBackend, but does not extract the relevant information or supply the correct parameter to authenticate(...).  This causes tools like post-review to fail when attempting to commit a patch to a RB instance that is running on a server with a separate authentication module.

My fix is to have the authentication functions check for the existence of the REMOTE_USER header and handle it appropriately if it exists.  The solution is a bit ugly and one-off, so I'd appreciate any feedback on how to make it more universal.

Manual, using the Kerberos authentication module for Apache and enabling 'django.contrib.auth.middleware.RemoteUserMiddleware' in settings.py.