doc/book/pyramid/settings.rst
author Sylvain Thénault <sylvain.thenault@logilab.fr>
Thu, 29 Sep 2016 23:11:38 +0200
changeset 11760 efb8250e37fb
parent 11631 faf279e33298
child 12098 452129511244
permissions -rw-r--r--
Drop deprecated LDAP related script both are relying on the 'entities.source' column which has been dropped in 3.19. They have been written with the old ldapsource in mind, which has been dropped at that time.
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
11537
caf268942436 Initial documentation.
Christophe de Vienne <christophe@unlish.com>
parents:
diff changeset
     1
Settings
caf268942436 Initial documentation.
Christophe de Vienne <christophe@unlish.com>
parents:
diff changeset
     2
========
caf268942436 Initial documentation.
Christophe de Vienne <christophe@unlish.com>
parents:
diff changeset
     3
caf268942436 Initial documentation.
Christophe de Vienne <christophe@unlish.com>
parents:
diff changeset
     4
.. _cubicweb_settings:
caf268942436 Initial documentation.
Christophe de Vienne <christophe@unlish.com>
parents:
diff changeset
     5
caf268942436 Initial documentation.
Christophe de Vienne <christophe@unlish.com>
parents:
diff changeset
     6
Cubicweb Settings
caf268942436 Initial documentation.
Christophe de Vienne <christophe@unlish.com>
parents:
diff changeset
     7
-----------------
caf268942436 Initial documentation.
Christophe de Vienne <christophe@unlish.com>
parents:
diff changeset
     8
11621
5747d4c2e083 [doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents: 11605
diff changeset
     9
Pyramid CubicWeb will **not** make use of the configuration entries
5747d4c2e083 [doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents: 11605
diff changeset
    10
found in the cubicweb configuration (a.k.a. `all-in-one.conf`) for any
5747d4c2e083 [doc] update a bit the documentation
David Douard <david.douard@logilab.fr>
parents: 11605
diff changeset
    11
pyramid related configuration value.
11537
caf268942436 Initial documentation.
Christophe de Vienne <christophe@unlish.com>
parents:
diff changeset
    12
caf268942436 Initial documentation.
Christophe de Vienne <christophe@unlish.com>
parents:
diff changeset
    13
caf268942436 Initial documentation.
Christophe de Vienne <christophe@unlish.com>
parents:
diff changeset
    14
.. _pyramid_settings:
caf268942436 Initial documentation.
Christophe de Vienne <christophe@unlish.com>
parents:
diff changeset
    15
caf268942436 Initial documentation.
Christophe de Vienne <christophe@unlish.com>
parents:
diff changeset
    16
Pyramid Settings
caf268942436 Initial documentation.
Christophe de Vienne <christophe@unlish.com>
parents:
diff changeset
    17
----------------
caf268942436 Initial documentation.
Christophe de Vienne <christophe@unlish.com>
parents:
diff changeset
    18
caf268942436 Initial documentation.
Christophe de Vienne <christophe@unlish.com>
parents:
diff changeset
    19
If a ``pyramid.ini`` file is found in the instance home directory (where the
caf268942436 Initial documentation.
Christophe de Vienne <christophe@unlish.com>
parents:
diff changeset
    20
``all-in-one.conf`` file is), its ``[main]`` section will be read and used as the
caf268942436 Initial documentation.
Christophe de Vienne <christophe@unlish.com>
parents:
diff changeset
    21
``settings`` of the pyramid Configurator.
caf268942436 Initial documentation.
Christophe de Vienne <christophe@unlish.com>
parents:
diff changeset
    22
caf268942436 Initial documentation.
Christophe de Vienne <christophe@unlish.com>
parents:
diff changeset
    23
This configuration file is almost the same as the one read by ``pserve``, which
caf268942436 Initial documentation.
Christophe de Vienne <christophe@unlish.com>
parents:
diff changeset
    24
allow to easily add any pyramid extension and configure it.
caf268942436 Initial documentation.
Christophe de Vienne <christophe@unlish.com>
parents:
diff changeset
    25
caf268942436 Initial documentation.
Christophe de Vienne <christophe@unlish.com>
parents:
diff changeset
    26
A typical ``pyramid.ini`` file is:
caf268942436 Initial documentation.
Christophe de Vienne <christophe@unlish.com>
parents:
diff changeset
    27
caf268942436 Initial documentation.
Christophe de Vienne <christophe@unlish.com>
parents:
diff changeset
    28
.. code-block:: ini
caf268942436 Initial documentation.
Christophe de Vienne <christophe@unlish.com>
parents:
diff changeset
    29
caf268942436 Initial documentation.
Christophe de Vienne <christophe@unlish.com>
parents:
diff changeset
    30
    [main]
caf268942436 Initial documentation.
Christophe de Vienne <christophe@unlish.com>
parents:
diff changeset
    31
    pyramid.includes =
caf268942436 Initial documentation.
Christophe de Vienne <christophe@unlish.com>
parents:
diff changeset
    32
        pyramid_redis_sessions
caf268942436 Initial documentation.
Christophe de Vienne <christophe@unlish.com>
parents:
diff changeset
    33
caf268942436 Initial documentation.
Christophe de Vienne <christophe@unlish.com>
parents:
diff changeset
    34
    cubicweb.defaults = no
caf268942436 Initial documentation.
Christophe de Vienne <christophe@unlish.com>
parents:
diff changeset
    35
    cubicweb.includes =
11631
faf279e33298 Merge with pyramid-cubicweb
Yann Voté <yann.vote@logilab.fr>
parents: 11621
diff changeset
    36
        cubicweb.pyramid.auth
faf279e33298 Merge with pyramid-cubicweb
Yann Voté <yann.vote@logilab.fr>
parents: 11621
diff changeset
    37
        cubicweb.pyramid.login
11537
caf268942436 Initial documentation.
Christophe de Vienne <christophe@unlish.com>
parents:
diff changeset
    38
caf268942436 Initial documentation.
Christophe de Vienne <christophe@unlish.com>
parents:
diff changeset
    39
    cubicweb.profile = no
caf268942436 Initial documentation.
Christophe de Vienne <christophe@unlish.com>
parents:
diff changeset
    40
caf268942436 Initial documentation.
Christophe de Vienne <christophe@unlish.com>
parents:
diff changeset
    41
    redis.sessions.secret = your_cookie_signing_secret
caf268942436 Initial documentation.
Christophe de Vienne <christophe@unlish.com>
parents:
diff changeset
    42
    redis.sessions.timeout = 1200
caf268942436 Initial documentation.
Christophe de Vienne <christophe@unlish.com>
parents:
diff changeset
    43
caf268942436 Initial documentation.
Christophe de Vienne <christophe@unlish.com>
parents:
diff changeset
    44
    redis.sessions.host = mywheezy
caf268942436 Initial documentation.
Christophe de Vienne <christophe@unlish.com>
parents:
diff changeset
    45
caf268942436 Initial documentation.
Christophe de Vienne <christophe@unlish.com>
parents:
diff changeset
    46
The Pyramid CubicWeb specific configuration entries are:
caf268942436 Initial documentation.
Christophe de Vienne <christophe@unlish.com>
parents:
diff changeset
    47
11587
18dd303225cd [doc] Document embedding in a pyramid app
Christophe de Vienne <christophe@unlish.com>
parents: 11565
diff changeset
    48
.. confval:: cubicweb.instance (string)
18dd303225cd [doc] Document embedding in a pyramid app
Christophe de Vienne <christophe@unlish.com>
parents: 11565
diff changeset
    49
18dd303225cd [doc] Document embedding in a pyramid app
Christophe de Vienne <christophe@unlish.com>
parents: 11565
diff changeset
    50
    A CubicWeb instance name. Useful when the application is not run by
18dd303225cd [doc] Document embedding in a pyramid app
Christophe de Vienne <christophe@unlish.com>
parents: 11565
diff changeset
    51
    :ref:`cubicweb-ctl_pyramid`.
18dd303225cd [doc] Document embedding in a pyramid app
Christophe de Vienne <christophe@unlish.com>
parents: 11565
diff changeset
    52
18dd303225cd [doc] Document embedding in a pyramid app
Christophe de Vienne <christophe@unlish.com>
parents: 11565
diff changeset
    53
.. confval:: cubicweb.debug (bool)
18dd303225cd [doc] Document embedding in a pyramid app
Christophe de Vienne <christophe@unlish.com>
parents: 11565
diff changeset
    54
18dd303225cd [doc] Document embedding in a pyramid app
Christophe de Vienne <christophe@unlish.com>
parents: 11565
diff changeset
    55
    Enables the cubicweb debugmode. Works only if the instance is setup by
18dd303225cd [doc] Document embedding in a pyramid app
Christophe de Vienne <christophe@unlish.com>
parents: 11565
diff changeset
    56
    :confval:`cubicweb.instance`.
18dd303225cd [doc] Document embedding in a pyramid app
Christophe de Vienne <christophe@unlish.com>
parents: 11565
diff changeset
    57
18dd303225cd [doc] Document embedding in a pyramid app
Christophe de Vienne <christophe@unlish.com>
parents: 11565
diff changeset
    58
    Unlike when the debugmode is set by the :option:`cubicweb-ctl pyramid --debug-mode`
18dd303225cd [doc] Document embedding in a pyramid app
Christophe de Vienne <christophe@unlish.com>
parents: 11565
diff changeset
    59
    command, the pyramid debug options are untouched.
18dd303225cd [doc] Document embedding in a pyramid app
Christophe de Vienne <christophe@unlish.com>
parents: 11565
diff changeset
    60
11537
caf268942436 Initial documentation.
Christophe de Vienne <christophe@unlish.com>
parents:
diff changeset
    61
.. confval:: cubicweb.includes (list)
caf268942436 Initial documentation.
Christophe de Vienne <christophe@unlish.com>
parents:
diff changeset
    62
caf268942436 Initial documentation.
Christophe de Vienne <christophe@unlish.com>
parents:
diff changeset
    63
    Same as ``pyramid.includes``, but the includes are done after the cubicweb
caf268942436 Initial documentation.
Christophe de Vienne <christophe@unlish.com>
parents:
diff changeset
    64
    specific registry entries are initialized.
caf268942436 Initial documentation.
Christophe de Vienne <christophe@unlish.com>
parents:
diff changeset
    65
caf268942436 Initial documentation.
Christophe de Vienne <christophe@unlish.com>
parents:
diff changeset
    66
    Useful to include extensions that requires these entries.
caf268942436 Initial documentation.
Christophe de Vienne <christophe@unlish.com>
parents:
diff changeset
    67
caf268942436 Initial documentation.
Christophe de Vienne <christophe@unlish.com>
parents:
diff changeset
    68
.. confval:: cubicweb.bwcompat (bool)
caf268942436 Initial documentation.
Christophe de Vienne <christophe@unlish.com>
parents:
diff changeset
    69
caf268942436 Initial documentation.
Christophe de Vienne <christophe@unlish.com>
parents:
diff changeset
    70
    (True) Enable/disable backward compatibility. See :ref:`bwcompat_module`.
caf268942436 Initial documentation.
Christophe de Vienne <christophe@unlish.com>
parents:
diff changeset
    71
11588
50e1fda83837 [bwcompat] Make the error handler optional
Christophe de Vienne <christophe@unlish.com>
parents: 11587
diff changeset
    72
.. confval:: cubicweb.bwcompat.errorhandler (bool)
50e1fda83837 [bwcompat] Make the error handler optional
Christophe de Vienne <christophe@unlish.com>
parents: 11587
diff changeset
    73
50e1fda83837 [bwcompat] Make the error handler optional
Christophe de Vienne <christophe@unlish.com>
parents: 11587
diff changeset
    74
    (True) Enable/disable the backward compatibility error handler.
50e1fda83837 [bwcompat] Make the error handler optional
Christophe de Vienne <christophe@unlish.com>
parents: 11587
diff changeset
    75
    Set to 'no' if you need to define your own error handlers.
50e1fda83837 [bwcompat] Make the error handler optional
Christophe de Vienne <christophe@unlish.com>
parents: 11587
diff changeset
    76
11537
caf268942436 Initial documentation.
Christophe de Vienne <christophe@unlish.com>
parents:
diff changeset
    77
.. confval:: cubicweb.defaults (bool)
caf268942436 Initial documentation.
Christophe de Vienne <christophe@unlish.com>
parents:
diff changeset
    78
caf268942436 Initial documentation.
Christophe de Vienne <christophe@unlish.com>
parents:
diff changeset
    79
    (True) Enable/disable defaults. See :ref:`defaults_module`.
caf268942436 Initial documentation.
Christophe de Vienne <christophe@unlish.com>
parents:
diff changeset
    80
caf268942436 Initial documentation.
Christophe de Vienne <christophe@unlish.com>
parents:
diff changeset
    81
.. confval:: cubicweb.profile (bool)
caf268942436 Initial documentation.
Christophe de Vienne <christophe@unlish.com>
parents:
diff changeset
    82
caf268942436 Initial documentation.
Christophe de Vienne <christophe@unlish.com>
parents:
diff changeset
    83
    (False) Enable/disable profiling. See :ref:`profiling`.
11565
6398be12f8e6 [doc] Document the new authentication stack
Christophe de Vienne <christophe@unlish.com>
parents: 11555
diff changeset
    84
6398be12f8e6 [doc] Document the new authentication stack
Christophe de Vienne <christophe@unlish.com>
parents: 11555
diff changeset
    85
.. confval:: cubicweb.auth.update_login_time (bool)
6398be12f8e6 [doc] Document the new authentication stack
Christophe de Vienne <christophe@unlish.com>
parents: 11555
diff changeset
    86
11631
faf279e33298 Merge with pyramid-cubicweb
Yann Voté <yann.vote@logilab.fr>
parents: 11621
diff changeset
    87
    (True) Add a :class:`cubicweb.pyramid.auth.UpdateLoginTimeAuthenticationPolicy`
11565
6398be12f8e6 [doc] Document the new authentication stack
Christophe de Vienne <christophe@unlish.com>
parents: 11555
diff changeset
    88
    policy, that update the CWUser.login_time attribute when a user login.
6398be12f8e6 [doc] Document the new authentication stack
Christophe de Vienne <christophe@unlish.com>
parents: 11555
diff changeset
    89
    
6398be12f8e6 [doc] Document the new authentication stack
Christophe de Vienne <christophe@unlish.com>
parents: 11555
diff changeset
    90
.. confval:: cubicweb.auth.authtkt (bool)
6398be12f8e6 [doc] Document the new authentication stack
Christophe de Vienne <christophe@unlish.com>
parents: 11555
diff changeset
    91
6398be12f8e6 [doc] Document the new authentication stack
Christophe de Vienne <christophe@unlish.com>
parents: 11555
diff changeset
    92
    (True) Enables the 2 cookie-base auth policies, which activate/deactivate
6398be12f8e6 [doc] Document the new authentication stack
Christophe de Vienne <christophe@unlish.com>
parents: 11555
diff changeset
    93
    depending on the `persistent` argument passed to `remember`.
6398be12f8e6 [doc] Document the new authentication stack
Christophe de Vienne <christophe@unlish.com>
parents: 11555
diff changeset
    94
6398be12f8e6 [doc] Document the new authentication stack
Christophe de Vienne <christophe@unlish.com>
parents: 11555
diff changeset
    95
    The default login views set persistent to True if a `__setauthcookie`
6398be12f8e6 [doc] Document the new authentication stack
Christophe de Vienne <christophe@unlish.com>
parents: 11555
diff changeset
    96
    parameters is passed to them, and evals to True in
6398be12f8e6 [doc] Document the new authentication stack
Christophe de Vienne <christophe@unlish.com>
parents: 11555
diff changeset
    97
    :func:`pyramid.settings.asbool`.
6398be12f8e6 [doc] Document the new authentication stack
Christophe de Vienne <christophe@unlish.com>
parents: 11555
diff changeset
    98
6398be12f8e6 [doc] Document the new authentication stack
Christophe de Vienne <christophe@unlish.com>
parents: 11555
diff changeset
    99
    The configuration values of the policies are arguments for
6398be12f8e6 [doc] Document the new authentication stack
Christophe de Vienne <christophe@unlish.com>
parents: 11555
diff changeset
   100
    :class:`pyramid.authentication.AuthTktAuthenticationPolicy`.
6398be12f8e6 [doc] Document the new authentication stack
Christophe de Vienne <christophe@unlish.com>
parents: 11555
diff changeset
   101
6398be12f8e6 [doc] Document the new authentication stack
Christophe de Vienne <christophe@unlish.com>
parents: 11555
diff changeset
   102
    The first policy handles session authentication. It doesn't get
6398be12f8e6 [doc] Document the new authentication stack
Christophe de Vienne <christophe@unlish.com>
parents: 11555
diff changeset
   103
    activated if `remember()` is called with `persistent=False`:
6398be12f8e6 [doc] Document the new authentication stack
Christophe de Vienne <christophe@unlish.com>
parents: 11555
diff changeset
   104
6398be12f8e6 [doc] Document the new authentication stack
Christophe de Vienne <christophe@unlish.com>
parents: 11555
diff changeset
   105
    .. confval:: cubicweb.auth.authtkt.session.cookie_name (str)
6398be12f8e6 [doc] Document the new authentication stack
Christophe de Vienne <christophe@unlish.com>
parents: 11555
diff changeset
   106
6398be12f8e6 [doc] Document the new authentication stack
Christophe de Vienne <christophe@unlish.com>
parents: 11555
diff changeset
   107
        ('auth_tkt') The cookie name. Must be different from the persistent
6398be12f8e6 [doc] Document the new authentication stack
Christophe de Vienne <christophe@unlish.com>
parents: 11555
diff changeset
   108
        authentication cookie name.
6398be12f8e6 [doc] Document the new authentication stack
Christophe de Vienne <christophe@unlish.com>
parents: 11555
diff changeset
   109
6398be12f8e6 [doc] Document the new authentication stack
Christophe de Vienne <christophe@unlish.com>
parents: 11555
diff changeset
   110
    .. confval:: cubicweb.auth.authtkt.session.timeout (int)
6398be12f8e6 [doc] Document the new authentication stack
Christophe de Vienne <christophe@unlish.com>
parents: 11555
diff changeset
   111
6398be12f8e6 [doc] Document the new authentication stack
Christophe de Vienne <christophe@unlish.com>
parents: 11555
diff changeset
   112
        (1200) Cookie timeout.
6398be12f8e6 [doc] Document the new authentication stack
Christophe de Vienne <christophe@unlish.com>
parents: 11555
diff changeset
   113
6398be12f8e6 [doc] Document the new authentication stack
Christophe de Vienne <christophe@unlish.com>
parents: 11555
diff changeset
   114
    .. confval:: cubicweb.auth.authtkt.session.reissue_time (int)
6398be12f8e6 [doc] Document the new authentication stack
Christophe de Vienne <christophe@unlish.com>
parents: 11555
diff changeset
   115
6398be12f8e6 [doc] Document the new authentication stack
Christophe de Vienne <christophe@unlish.com>
parents: 11555
diff changeset
   116
        (120) Reissue time.
6398be12f8e6 [doc] Document the new authentication stack
Christophe de Vienne <christophe@unlish.com>
parents: 11555
diff changeset
   117
6398be12f8e6 [doc] Document the new authentication stack
Christophe de Vienne <christophe@unlish.com>
parents: 11555
diff changeset
   118
    The second policy handles persistent authentication. It doesn't get
6398be12f8e6 [doc] Document the new authentication stack
Christophe de Vienne <christophe@unlish.com>
parents: 11555
diff changeset
   119
    activated if `remember()` is called with `persistent=True`:
6398be12f8e6 [doc] Document the new authentication stack
Christophe de Vienne <christophe@unlish.com>
parents: 11555
diff changeset
   120
6398be12f8e6 [doc] Document the new authentication stack
Christophe de Vienne <christophe@unlish.com>
parents: 11555
diff changeset
   121
    .. confval:: cubicweb.auth.authtkt.persistent.cookie_name (str)
6398be12f8e6 [doc] Document the new authentication stack
Christophe de Vienne <christophe@unlish.com>
parents: 11555
diff changeset
   122
6398be12f8e6 [doc] Document the new authentication stack
Christophe de Vienne <christophe@unlish.com>
parents: 11555
diff changeset
   123
        ('auth_tkt') The cookie name. Must be different from the session
6398be12f8e6 [doc] Document the new authentication stack
Christophe de Vienne <christophe@unlish.com>
parents: 11555
diff changeset
   124
        authentication cookie name.
6398be12f8e6 [doc] Document the new authentication stack
Christophe de Vienne <christophe@unlish.com>
parents: 11555
diff changeset
   125
6398be12f8e6 [doc] Document the new authentication stack
Christophe de Vienne <christophe@unlish.com>
parents: 11555
diff changeset
   126
    .. confval:: cubicweb.auth.authtkt.persistent.max_age (int)
6398be12f8e6 [doc] Document the new authentication stack
Christophe de Vienne <christophe@unlish.com>
parents: 11555
diff changeset
   127
6398be12f8e6 [doc] Document the new authentication stack
Christophe de Vienne <christophe@unlish.com>
parents: 11555
diff changeset
   128
        (30 days) Max age in seconds.
6398be12f8e6 [doc] Document the new authentication stack
Christophe de Vienne <christophe@unlish.com>
parents: 11555
diff changeset
   129
6398be12f8e6 [doc] Document the new authentication stack
Christophe de Vienne <christophe@unlish.com>
parents: 11555
diff changeset
   130
    .. confval:: cubicweb.auth.authtkt.persistent.reissue_time (int)
6398be12f8e6 [doc] Document the new authentication stack
Christophe de Vienne <christophe@unlish.com>
parents: 11555
diff changeset
   131
6398be12f8e6 [doc] Document the new authentication stack
Christophe de Vienne <christophe@unlish.com>
parents: 11555
diff changeset
   132
        (1 day) Reissue time in seconds.
6398be12f8e6 [doc] Document the new authentication stack
Christophe de Vienne <christophe@unlish.com>
parents: 11555
diff changeset
   133
11605
2bf1eabb2bbd Document how to configure the "secure" flag for authentication policies
Denis Laxalde <denis.laxalde@logilab.fr>
parents: 11588
diff changeset
   134
    Both policies set the ``secure`` flag to ``True`` by default, meaning that
2bf1eabb2bbd Document how to configure the "secure" flag for authentication policies
Denis Laxalde <denis.laxalde@logilab.fr>
parents: 11588
diff changeset
   135
    cookies will only be sent back over a secure connection (see
2bf1eabb2bbd Document how to configure the "secure" flag for authentication policies
Denis Laxalde <denis.laxalde@logilab.fr>
parents: 11588
diff changeset
   136
    `Authentication Policies documentation`_ for details). This can be
2bf1eabb2bbd Document how to configure the "secure" flag for authentication policies
Denis Laxalde <denis.laxalde@logilab.fr>
parents: 11588
diff changeset
   137
    configured through :confval:`cubicweb.auth.authtkt.persistent.secure` and
2bf1eabb2bbd Document how to configure the "secure" flag for authentication policies
Denis Laxalde <denis.laxalde@logilab.fr>
parents: 11588
diff changeset
   138
    :confval:`cubicweb.auth.authtkt.session.secure` configuration options.
2bf1eabb2bbd Document how to configure the "secure" flag for authentication policies
Denis Laxalde <denis.laxalde@logilab.fr>
parents: 11588
diff changeset
   139
2bf1eabb2bbd Document how to configure the "secure" flag for authentication policies
Denis Laxalde <denis.laxalde@logilab.fr>
parents: 11588
diff changeset
   140
    .. _`Authentication Policies documentation`: \
2bf1eabb2bbd Document how to configure the "secure" flag for authentication policies
Denis Laxalde <denis.laxalde@logilab.fr>
parents: 11588
diff changeset
   141
        http://docs.pylonsproject.org/projects/pyramid/en/latest/api/authentication.html
2bf1eabb2bbd Document how to configure the "secure" flag for authentication policies
Denis Laxalde <denis.laxalde@logilab.fr>
parents: 11588
diff changeset
   142
11565
6398be12f8e6 [doc] Document the new authentication stack
Christophe de Vienne <christophe@unlish.com>
parents: 11555
diff changeset
   143
.. confval:: cubicweb.auth.groups_principals (bool)
6398be12f8e6 [doc] Document the new authentication stack
Christophe de Vienne <christophe@unlish.com>
parents: 11555
diff changeset
   144
6398be12f8e6 [doc] Document the new authentication stack
Christophe de Vienne <christophe@unlish.com>
parents: 11555
diff changeset
   145
    (True) Setup a callback on the authentication stack that inject the user
6398be12f8e6 [doc] Document the new authentication stack
Christophe de Vienne <christophe@unlish.com>
parents: 11555
diff changeset
   146
    groups in the principals.