ID: 20088 Updated by: [EMAIL PROTECTED] Reported By: [EMAIL PROTECTED] -Status: Open +Status: Feedback -Bug Type: Unknown/Other Function +Bug Type: HTTP related Operating System: SuSE Linux 7.2 PHP Version: 4.2.3 New Comment:
Works fine here. Do you have 'register_globals=On' ?? Previous Comments: ------------------------------------------------------------------------ [2002-10-25 10:36:35] [EMAIL PROTECTED] The following code: <?php // File Name: auth01.php // Check to see if $PHP_AUTH_USER already contains info if (!isset($PHP_AUTH_USER)) { // If empty, send header causing dialog box to appear header('WWW-Authenticate: Basic realm="My Private Stuff"'); header('HTTP/1.0 401 Unauthorized'); phpinfo(); exit; } // If not empty, display values for variables else { echo " <P>You have entered this username: $PHP_AUTH_USER<br> You have entered this password: $PHP_AUTH_PW<br> The authorization type is: $PHP_AUTH_TYPE</p> "; } ?> ....fails. I believe the reason for this is that I have made the following change to the PHP source: --- php/sapi/apache/mod_php4.c.paj00 Tue Sep 10 13:59:06 2002 +++ php/sapi/apache/mod_php4.c Tue Sep 10 13:59:17 2002 @@ -434,7 +434,7 @@ authorization = table_get(r->headers_in, "Authorization"); } if (authorization -/* && !auth_type(r) */ + && !auth_type(r) && !strcasecmp(getword(r->pool, &authorization, ' '), "Basic")) { tmp = uudecode(r->pool, authorization); SG(request_info).auth_user = getword_nulls_nc(r->pool, &tmp, ':'); I have made this change because of Bug #18391. However, custom authentication methods, an example of which is entered above, now fail. I would imagine that the two are linked. As we use mod_auth_kerb I will not remove this patch because otherwise we leave ourselves quite open to attack from the inside. Any suggestions on how to get custom authentication working alongside the increased kerberos security? Thanks, Paul ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=20088&edit=1