Here's a simple handler that will set the AuthType and AuthName
dynamically and handle the authentication for you. This handler will
prompt you for a password when you try to acess /manual with the
AuthName, "The Manual" and prompt with the AuthName "The Icons" when you
try to access /icons.
On Wed, 27 Sep 2000, Todd Chapman wrote:
Problems with your suggestion:
1. The realm will not be known until I get path_info so
Location/Location directives will not work.
you can use $r-auth_name($realm) to set it at request time.
2. How can I get Perl to do the password lookup in
On Wed, 27 Sep 2000, Carlos Ramirez wrote:
my $authheader = 'Basic realm="'.$realm.'"';
$r-header_out("WWW-Authenticate" ,$authheader);
there's a cleaner way for that:
$r-auth_name($realm);
$r-note_basic_auth_failure;
$r-status(AUTH_REQUIRED);
no need for that.
Thanks for the help Doug. This is what I have now but all I get is a
segementation fault in the log.
Any ideas?
-Todd
package Apache::SetRealm;
## Usage: PerlHeaderParserHandler Apache::SetRealm
use strict;
use Apache::Constants qw(:common);
sub handler {
my $r = shift;
# find the
$r->auth_name($realm), $r->auth_type($basic) did not work for me, which
is why I used the $r->header_out method. Also, after I set the outgoing
header and returned AUTH_REQUIRED, I got prompted but the $realm did not
show. Instead it displayed 'unknown' as the realm name. But when I set
the
On Thu, 28 Sep 2000, Todd Chapman wrote:
Thanks for the help Doug. This is what I have now but all I get is a
segementation fault in the log.
$r-note_basic_auth_failure;
if AuthType is not set, this will core dump. i just expanded the change
that defaults AuthType to Basic for
On Thu, 28 Sep 2000, Carlos Ramirez wrote:
$r-auth_name($realm), $r-auth_type($basic) did not work for me, which
is why I used the $r-header_out method. Also, after I set the outgoing
header and returned AUTH_REQUIRED, I got prompted but the $realm did not
show. Instead it displayed
Thanks Doug but I (and my customer) don't want to live on the CVS bleeding
edge right now. Can you suggest something else?
Original problem:
I need to set the realm for virtual documents based on path_info and use
Basic authentication. Otherwise I may have to move to some cooie based
On Thu, 28 Sep 2000, Todd Chapman wrote:
Thanks Doug but I (and my customer) don't want to live on the CVS bleeding
edge right now. Can you suggest something else?
yeah, add this to httpd.conf:
AuthType Basic
Duh! Thanks.
Now, is there any way to determine the realm the browser thinks it's
authentication to? Is the realm stored in the Authorization header or any
other headers?
-Todd
On Thu, 28 Sep 2000, Doug MacEachern wrote:
On Thu, 28 Sep 2000, Todd Chapman wrote:
Thanks Doug but I (and
Todd Chapman [EMAIL PROTECTED] writes:
Duh! Thanks.
Now, is there any way to determine the realm the browser thinks it's
authentication to? Is the realm stored in the Authorization header or any
other headers?
I wouldn't try to use realms in any serious way- various browsers
do various
Problems with your suggestion:
1. The realm will not be known until I get path_info so
Location/Location directives will not work.
2. How can I get Perl to do the password lookup in the dynamically
selected AuthUserFile?
Thanks for the help.
-Todd
On Wed, 27 Sep 2000, Carlos Ramirez wrote:
1. Oh, I mis-interpreted your question. I thought you already had a list
of virtual directories with the
AuthNames defined.
You can set the AuthName by sending them in the server response header
field:
WWW-Authenticate Basic $realm
So the first request to /companyA, you AuthHandler will respond
Thanks for the help. I was hoping that Apache would check the password for
me but this should work.
Now, how do I get Apache to run my PerlAuthenHandler without setting the
AuthType or AuthName in httpd.conf?
Do I need to do the Authentication in a PerlHandler?
-Todd
On Wed, 27 Sep 2000,
By choosing to use your custom AuthHandler, you basically override Apache's
way of handling the particular phase, in this case the authentication phase.
So you must handle prompting the user and also checking the password.
You might want to read the Apache Guide (http://perl.apache.org/) on
how
Please explain again how to get my AuthHandler called without setting
AuthName or AuthType in httpd.conf.
Thanks.
-Todd
On Wed, 27 Sep 2000, Carlos Ramirez wrote:
By choosing to use your custom AuthHandler, you basically override Apache's way of
handling the particular phase, in this case
16 matches
Mail list logo
