2009/1/19 Johan <[email protected]>: > > I am implementing the DAA into the WSGI app from scratch.
What is DAA for the ignorant? > One of my > project goal is to learn Python so I thought it would be good > excercise. Apache is set with "WSGIPassAuthorization On" and I > maintain sessions with memcached. It all happens between environ and > start_response. The only 3rd party Python code I use are MySQLdb and > memcached as supplied by the Debian Lenny repos. > > It's been, interesting, to implement DAA serverside and it's not quite > "1.0" yet. Have only tested it with Firefox and Epiphany so far. > Site's going live in roughly 3 months. Looking at: http://httpd.apache.org/docs/2.2/mod/mod_auth_digest.html#authdigestdomain as my minimal source of information, if 'domain' is returned as list of URIs, then the browser client should restrict itself to sending this same auth information to only those URIs. Interestingly, the URIs need not even refer to the same host, which means that one could use it as single sign on across hosts. For the latter though, it does say: """The URIs specified can also point to different servers, in which case clients (which understand this) will then share username/password info across multiple servers without prompting the user each time.""" The key thing being 'which understand this'. So, not all clients may. That is referring to just cross host stuff though and one would think that clients would handle stuff within one host okay. All I can perhaps suggest is set it up with Apache authentication. http://httpd.apache.org/docs/2.2/mod/mod_auth_digest.html Using mod_wsgi as an authentication provider if want to use same user database as now. http://code.google.com/p/modwsgi/wiki/AccessControlMechanisms Then compare what Firefox does for that. If Firefox is doing the wrong thing when talking to Apache implementation, which would presumably do the correct thing, then you have a potential problem with Firefox. If it works when Apache does it, then compare what headers are being returned by Apache and see how they compare to what your application is returning. Graham --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "modwsgi" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/modwsgi?hl=en -~----------~----~----~----~------~----~------~--~---
