minor #6423 Added a caution note about REMOTE_USER and user impersonation (javiereguiluz)

This PR was merged into the 2.7 branch.

Discussion
----------

Added a caution note about REMOTE_USER and user impersonation

Note: this should be merged 2.7 and higher.

Commits
-------

fbcfbb4 Fixed a path
d0c9ad9 Added a caution note about REMOTE_USER and user impersonation

Author: weaverryan

cookbook/security/pre_authenticated.rst

@@ -151,3 +151,10 @@ key in the ``remote_user`` firewall configuration.
     Just like for X509 authentication, you will need to configure a "user provider".
     See :ref:`the previous note <cookbook-security-pre-authenticated-user-provider-note>`
     for more information.
+
+.. caution::
+
+    :doc:`User impersonation </cookbook/security/impersonating_user>` is not
+    compatible with ``REMOTE_USER`` based authentication. The reason is that
+    impersonation requires the authentication state to be maintained server-side
+    but ``REMOTE_USER`` information is sent by the browser in each request.