On Feb 16, 2004, at 12:11 AM, André Malo wrote:
* Axel Grossklaus <[EMAIL PROTECTED]> wrote:Depending on exactly what you want to do (and to what extend you control
moin,
Moin Moin ;-)
i would like the interface to allow modules to change the username
during the authentication process from the value that was passed by the
browser to some other value that will be used as authenticated user
further down the chain.
I'd guess there's question what do you want to change when. In digest
authentication the username is an integral part of the hashed data, so you
cannot change it during the authentication stage.
the order of the modules during deployment) other tricks include setting
fake headers (which you application picks) up or using per-request
prviate module space (or r->notes if you are lazy) to mark a request; and
then (assuming you are last) set r->user different moments before cgi/handler
or control is handed over to the application. It is not uncommon to 'spoof'
r->user to note, say, the data from an auth certificate or some ldap info
you got trough a rsa-securid login. But it is generally BETTER to add a
extra header or an extra env-var; and certainly cleaner.
Dw.
