A little auth module plugin I wrote to allow cross-domain login from
emulab to the protogeni wiki, but I use it for all of the wikis. The basic idea is that the emulab backend inserts a hash value into the cookie table in the trac DB on ops (via ssh). Then Emulab issues a redirect over to the trac wiki, with the uid/hash values as arguments to the xlogin URL. This hash is use-once; if it exists in the cookies table, it is deleted and a new one generated by the underlying auth module, and a cookie returned to the browser. The user is thus logged in for all subsequent access. Why? Cause emulab.net cannot insert auth cookies for protogeni.net, so must let the auth module inside trac insert the cookie.