On Mon, 20 May 2002, Geoffrey Young wrote:
>
>
> Todd Chapman wrote:
>
> > That makes sense. I can't use mod_auth because I can't set Require.
>
>
> well, if you're saying that you don't have the ability to set the Require directive
>at all
> (as in you don't have access to edit httpd.conf), then you can't run any
>authentication
> handler - mod_auth, mod_perl, or otherwise. Apache core requires the Require
>directive to
> be set to something before it will even try to run the authen/authz phases of the
>request.
>
> so, you may be out of luck and need to resort to the CGI tricks of yore where
>everything
> is clumped in the content-generation phase (and of which I'm not that familiar).
I can set Require, but I will have to ignore it's value since the realm,
password file, and require are decided based on the URI.
>
> > I'm
> > using Basic authentication and text based password files. Unfortunately, I
> > can't find an Apache::Auth* module that handles basic authentication
> > against text files. Did I miss it somewhere?
>
>
> I'm not sure, but it may not exist for the reason I stated eariler about mod_perl
>not
> duplicating default Apache behavior. IIRC, there is one that authenticates against
> /etc/passwd, so maybe you can use that as an example of flat file based processing.
>
> in general, though, the steps are pretty much the same no matter which
>authentication
> method you choose. see
>
> http://www.modperlcookbook.org/code/ch13/Cookbook/Authenticate.pm
>
> for an example - all you need to do is replace the authenticate_user() subroutine
>with
> calls that validate the user based on your own criteria.
>
Thanks. Sounds like we need an Apache::AuthBasicFile since mod_auth
doesn't allow Require to be set dynamically.
-Todd
> HTH
>
> --Geoff
>
>
>
>
