RE: Unset PerlAuthenHandler (I wish)

Mon, 18 Dec 2000 15:42:59 -0800 

Hey Jeff --

For that same situation, I've rolled my own Authz handler which provides a
"require nothing" directive.  In my Authz handlers, if you put "require
nothing" in your .htaccess file, all requests will be Authorized.  This is
essential for things like the login screen, etc.

Rolling your own Authz handler is usually not that tough, but it has been a
while since I've looked at the CPAN offerings.  I see that AuthDBI appears
to have some sort of caching, which is essential for performance, and
non-trivial to implement properly.  What you need is a Authz handler which
is extensible, so that it can support your own methods.  Or at least support
a "require nothing" type of directive.

The functionality I described would be roughly the equivalent of patching
AuthDBI.pm as follows (NOTE: This is a COMPLETELY untested, undocumented,
and probably ill-conceived patch!):

----START---->

*** AuthDBI.pm  Tue Sep 28 12:17:32 1999
--- AuthDBI.pm.jesse    Mon Dec 18 18:45:26 2000
***************
*** 475,481 ****
              $user_requirements .= " $val";
          } elsif ($val =~ s/^group\s+//go) {
              $group_requirements .= " $val";
!         }
      }
      $user_requirements  =~ s/^ //go;
      $group_requirements =~ s/^ //go;
--- 475,484 ----
              $user_requirements .= " $val";
          } elsif ($val =~ s/^group\s+//go) {
              $group_requirements .= " $val";
!         } elsif ($val =~ /^nothing$/) {
!             # Get out quick if we don't require anything.
!             return OK;
!       }
      }
      $user_requirements  =~ s/^ //go;
      $group_requirements =~ s/^ //go;

<----END----


TTYL,

-Jesse-


--

+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
  Jesse Erlbaum ....................... CTO
  [EMAIL PROTECTED] ............. Vanguard Media
  v: 212.242.5317 x115 ...... New York City
+-+-+-+-+-+- http://www.vm.com/ +-+-+-+-+-+-+



> -----Original Message-----
> From: Jeff Sheffield [mailto:[EMAIL PROTECTED]]
> Sent: Monday, December 18, 2000 5:54 PM
> To: [EMAIL PROTECTED]
> Subject: Unset PerlAuthenHandler (I wish)
> 
> 
> Ok, essentially I want all but one directory on the
> server to be password protected.
> I want 1 directory to have the "I forgot my password"
> functionality.

> Any ideas..??

Reply via email to