My intention is not to use the authentication provided by the apache, but uses a authentication mechanism by CAS (Central Autthentication Service) running else where, After successful authentication we need to pass the control to another application(which is running on the same apache server) which depend on the REMOTE_USER value which we set.
Following is the use case. My ulitmate objective is When a user requests particular service/url (e.g http://library/service_2), it will be intercepted by Apache2 <Location /serivice_2> and invoke the perl module which will do a CAS (Central Authentication Validation) authentication and if success set the REMOTE_USER value and there after pass the control to (http://library/service_2), This library serive will retrieve the $ENV{'REMOTE_USER') value and perform further processing. I have the perl script do the CAS valiation working fine but still working on the REMOTE_USER variable updation and passing. Do you still think we need to pass the value as a cookie, what about the security?, as both the perl module and other other application (http://library/service_2) resides in the same server on apache server, We thought REMOTE_USER variable is a handy mechanism to pass the value? Am I doing something fundamentally wrong? Perrin Harkins wrote: > > On Thu, 2007-01-11 at 14:06 -0800, Tracy12 wrote: >> If this is the case, How can we preserve the REMOTE_USER value and >> forward/redirect to the other application >> ( running on same Apache Server) which is based on the REMOTE_USER >> environment variable, which is set in my perl module in the first >> application. >> >> >> I was under the impression $ENV{'REMOTE_USER') variable can be used for >> such >> purposes. > > It sounds like you're not clear on what HTTP basic authentication does. > A good starting point is the authentication docs on the apache website: > http://httpd.apache.org/docs/2.2/howto/auth.html > > In short, the server sends a 401 response, the client sends the username > and password, and that happens on every single request in the realm that > requires authentication. The REMOTE_USER is just an internal thing to > see what the auth handler set it to. It's usually the username the > client sent. > > If you're not trying to do authentication and are just looking for a way > to preserve some data between requests, you need to pass it in cookies, > or URLs, or hidden form fields. > > - Perrin > > > -- View this message in context: http://www.nabble.com/Lost-ENV-variable-value-.........-tf2956856.html#a8288447 Sent from the mod_perl - General mailing list archive at Nabble.com.
