Repoze-who

-------------------

- Fix auth_tkt plugin; cookie values are now quoted, making it possible
to put spaces and other whitespace, etc in usernames. (thanks to Michael
Pedersen).

- Fix corner case issue of an exception raised when attempting to log
when there are no identifiers or authenticators.

-------------------

- The RedirectingFormPlugin now passes along SetCookie headers set
into the response by the application within the NotFound response
(fixes TG2 "flash" issue).

------------------

- The RedirectingFormPlugin now attempts to find a header named
``X-Authentication-Failure-Reason`` among the response headers set
by the application when a challenge is issued. If a value for this
header exists (and is non-blank), the value is attached to the
redirect URL's query string as the ``reason`` parameter (or a
user-settable key). This makes it possible for downstream
applications to issue a response that initiates a challenge with
this header and subsequently display the reason in the login form
rendered as a result of the challenge.

------------------

- The ``PluggableAuthenticationMiddleware`` constructor accepts a
``log_stream`` argument, which is typically a file. After this
release, it can also be a PEP 333 ``Logger`` instance; if it is a
PEP 333 ``Logger`` instance, this logger will be used as the
repoze.who logger (instead of one being constructed by the
middleware, as was previously always the case). When the
``log_stream`` argument is a PEP 333 Logger object, the
``log_level`` argument is ignored.

------------------

- ``repoze.who`` and ``repoze.who.plugins`` were not added to the
``namespace_packages`` list in setup.py, potentially making 1.0.6 a
brownbag release, given that making these packages namespace
packages was the only reason for its release.

------------------

- Make repoze.who and repoze.who.plugins into namespace packages
mainly so we can allow plugin authors to distribute packages in the
repoze.who.plugins namespace.