代码很好。问题是您正在使用RemoteUserBackend，而不是使用默认后端：

The code is fine. The problem is you're using the RemoteUserBackend exclusively, instead of the default backend:

AUTHENTICATION_BACKENDS = (
    'django.contrib.auth.backends.RemoteUserBackend',
)

我从来没有使用过，但是从文档很明显，它只会检查您的请求中的REMOTE_USER标头，从而使您的密码登录尝试不相关。

I've never used it myself, but from the docs it's clear that it'll only check for a REMOTE_USER header in your requests, thus making your password login attempts irrelevant.

如果您不能同时使用，则可以将默认的ModelBackend添加为后备项：

You could add the default ModelBackend as a fallback, if you wan't to have both available:

AUTHENTICATION_BACKENDS = (
        'django.contrib.auth.backends.RemoteUserBackend',
        'django.contrib.auth.backends.ModelBackend',
)

或摆脱RemoteUserBackend allt一起，让你的应用程序以默认方式进行身份验证。

or get rid of the RemoteUserBackend alltogether and have your app authenticate the default way.

希望这有帮助。