On Sat, 2003-03-29 at 22:17, Stuart Donaldson wrote:
> Has anyone dones any HTTP Authentication for Webware? To allow a
> webware applet to use the HTTP authentication mechanism?
Yes, I've done this before. The complexity is mostly in getting Apache
to actually send the password -- without sign
Howdy.
Has anyone dones any HTTP Authentication for Webware? To allow a
webware applet to use the HTTP authentication mechanism?
There are some bare references in WebKit/Experimental like someone
started down this path, but it isn't clear where they were going.
-Stuart-
p.s. Sorry I haven'
I don't think I like the idea of adding more
functionality into mod_webkit. IMHO, Webware is
supposed to be Python-oriented. But any features added
to mod_webkit are by definition written in C and
therefore less accessible to be understood and modified
by Webware's core audience. Also, mod
Ian Bicking wrote:
> > Note that Mozilla now supports Digest Authentication.
> > http://www.mozilla.org/projects/netlib/http/
> > http://www.mozilla.org/releases/mozilla0.9.7/#new
> >
> > Digest Apache module here:
> > http://www.berlinonline.de/wissen/computer/linux_tips/os/
> > and
> > http://ww
Ian Bicking wrote:
>
>
> I'm not sold on many of the features of the modules... it's so much
> easier and more powerful to use Python,
I was more interested in getting various variables out
of Apache and passing them on rather than trying to
do anything in an Apache module. Even the rewrite
stu
On Sat, 2002-05-11 at 08:13, Bill Eldridge wrote:
>
> Is there a way to get APache to use WK for authentication
> even for non-WK pages using something like this?
> It looks like someone's been working on something
> similar here:
>
> http://mod-auth-script.sourceforge.net/
>
> And another at:
On Sat, 2002-05-11 at 07:20, Bill Eldridge wrote:
>
> Some of the issues mentioned in this list about
> getting various info from Apache into Webware
> might be addressed in Apache 2.0, specifically:
>
>The second advantage over Apache 1.3 is filtered input/output (I/O),
>which allows on
Is there a way to get APache to use WK for authentication
even for non-WK pages using something like this?
It looks like someone's been working on something
similar here:
http://mod-auth-script.sourceforge.net/
And another at:
http://www.unixpapa.com/mod_auth_external.html
As well as other Apa
Okay, I got HTTP authentication working (thanks Bill). I couldn't get
the Zope method to work quite right, as environmental variables weren't
passed on.
Anyway, a page describing it is at:
http://webware.colorstudy.net/twiki/bin/view/Webware/HttpAuthentication
Ian
_
Ian Bicking wrote:
> Okay, now I really want to get HTTP authentication working. Here's
> where I am:
>
> The Zope mod_rewrite style kind of works, but I can't get it to actually
> set an environmental variable -- either for mod_webkit or WebKit.cgi.
> You can put the authentication header in t
Okay, now I really want to get HTTP authentication working. Here's
where I am:
The Zope mod_rewrite style kind of works, but I can't get it to actually
set an environmental variable -- either for mod_webkit or WebKit.cgi.
You can put the authentication header in the URL as a get variable,
thoug
On Thu, 2002-02-28 at 12:48, Tim Roberts wrote:
> >Ng's authcookie extension to m2crypto sounds perfect for this sort of
> >stuff, but I have tested it yet.
>
> I, for one, am very interested in hearing others experience and advice on this
> topic. Every site I've ever done has wanted username
On Fri, Mar 01, 2002 at 01:46:09AM +0100, Magnus Lie Hetland wrote:
> Ian Bicking <[EMAIL PROTECTED]>:
> [...]
> > > (Otherwise, mod_auth_pgsql sounds like a very good alternative.)
> >
> > Debian has packages for all the major auth modules -- even a lesser
> > distribution like RedHat
>
>
>
>
Ian Bicking <[EMAIL PROTECTED]>:
[...]
> > (Otherwise, mod_auth_pgsql sounds like a very good alternative.)
>
> Debian has packages for all the major auth modules -- even a lesser
> distribution like RedHat
> probably has the same ;) So it's pretty easy.
Yeah, I found an RPM (for the "lesser
On Wed, 27 Feb 2002 15:11:07 -0800, Tavis Rudd <[EMAIL PROTECTED]> wrote:
>
>Ng's authcookie extension to m2crypto sounds perfect for this sort of
>stuff, but I have tested it yet.
I, for one, am very interested in hearing others experience and advice on this
topic. Every site I've ever done h
On Wed, Feb 27, 2002 at 10:47:15PM +0100, Magnus Lie Hetland wrote:
> Mike Orr <[EMAIL PROTECTED]>:
> [...]
> > That sounds familiar too...
> >
> > In any case, when we figure it out we need to put it on the wiki as an
> > alternate authentication method.
>
> Yeah. I would even go so far as to s
On Wed, Feb 27, 2002 at 09:31:21PM +0100, Magnus Lie Hetland wrote:
> Mike Orr <[EMAIL PROTECTED]>:
> [...]
> > The rules above are copied straight from my old Zope install. I haven't
> > tried them with Webware.
>
> Well, they seem correct. The odd thing is that I can't seem to set the
> enviro
On Wednesday 27 February 2002 14:07, Magnus Lie Hetland wrote:
> This looks great -- but perhaps a bit ambitious? I'm not saying the
> project should be scaled down, but that perhaps a more modest
> mechanism could be added as an initial step? (It might have a
> better chance of actually being imp
Magnus Lie Hetland wrote:
> Perhaps simply wrapping up the code from the example in the
> distribution in such a way that one could use/inherit it without
> knowing how it works? (To make this simple enough, one would perhaps
> have to drop the ID field stuff...)
That's what I'd like to do -- imp
Tavis Rudd <[EMAIL PROTECTED]>:
[snip]
> > Anyhow: Whether it be based on HTTP authentication, or a standard
> > cgi/form/session solution, it seems to me that a fully encapsulated
> > and extremely simple authentication mechanism would be useful in
> > Webware. The example from the distribution i
On Wednesday 27 February 2002 13:47, Magnus Lie Hetland wrote:
> > > But there is no such standard for the password, IIRC.
> >
> > If you need the password, van you use database authentication and
> > look up the password in the database by the username?
>
> If I have a database authentication sol
Mike Orr <[EMAIL PROTECTED]>:
[...]
> That sounds familiar too...
>
> In any case, when we figure it out we need to put it on the wiki as an
> alternate authentication method.
Yeah. I would even go so far as to suggest perhaps a utility method or
two... No real need to go through all this explic
Mike Orr <[EMAIL PROTECTED]>:
>
> On Wed, Feb 27, 2002 at 09:31:21PM +0100, Magnus Lie Hetland wrote:
> > I guess I'll just try with a .htpasswd file or
> > something (which should set the environment variables properly, I
> > guess.)
>
> That's probably the best way to test it. But on a product
On Wed, Feb 27, 2002 at 09:31:21PM +0100, Magnus Lie Hetland wrote:
> I guess I'll just try with a .htpasswd file or
> something (which should set the environment variables properly, I
> guess.)
That's probably the best way to test it. But on a production server,
putting the auth config in a di
On Wed, Feb 27, 2002 at 09:49:32PM +0100, Magnus Lie Hetland wrote:
> > I guess that's where my problem is; initiating the authentication
> > process is easy enough; I just can't get the username and password
> > afterwards...
>
> It seems (as I think I remember from several years ago) that
> REM
EMAIL PROTECTED]>
> Sent: Wednesday, February 27, 2002 5:14 PM
> Subject: Re: [Webware-discuss] HTTP authentication
>
> > Why not just use some form of webware-based authentication?
>
> You'll
>
> > get better control, support, and possibly security (assuming
>
>
On Wed, Feb 27, 2002 at 02:14:56PM -0800, Tavis Rudd wrote:
> Why not just use some form of webware-based authentication? You'll
> get better control, support, and possibly security (assuming https).
It's a question of using the simplest technology necessary to do the
job, preferring something
Tavis Rudd <[EMAIL PROTECTED]>:
>
> Why not just use some form of webware-based authentication? You'll
> get better control, support, and possibly security (assuming https).
That's an alternative, yes. In fact, I already have that implemented.
I would just like to see how simple it would be to
Why not just use some form of webware-based authentication? You'll
get better control, support, and possibly security (assuming https).
On Wednesday 27 February 2002 12:49, Magnus Lie Hetland wrote:
> Magnus Lie Hetland <[EMAIL PROTECTED]>:
> > Mike Orr <[EMAIL PROTECTED]>:
> > > My memory is f
Magnus Lie Hetland <[EMAIL PROTECTED]>:
>
> Mike Orr <[EMAIL PROTECTED]>:
> > My memory is failing as to where PHP_AUTH_USER
> > comes from;
>
> I guess that's where my problem is; initiating the authentication
> process is easy enough; I just can't get the username and password
> afterwards...
Mike Orr <[EMAIL PROTECTED]>:
[...]
> The rules above are copied straight from my old Zope install. I haven't
> tried them with Webware.
Well, they seem correct. The odd thing is that I can't seem to set the
environmentvariable through the E rewrite directive.
[...]
> Basic authentication is gr
Mike Orr <[EMAIL PROTECTED]> wrote:
> Some disadvantages of Basic Authentication:
>
> ** You can't customize the login dialog except the short "realm name"
> string. If users are confused about why they are being asked for a
> password, there's no way to provide a "click here for help" hyperlin
On Wed, Feb 27, 2002 at 05:10:07PM +0100, Magnus Lie Hetland wrote:
> Mike Orr <[EMAIL PROTECTED]>:
> >
> [...]
> > RewriteCond %{HTTP:Authorization} ^(.*)
> > RewriteRule ^/(.*) /usr/lib/cgi-bin/Zope.cgi/M/$1 \
> > [e=HTTP_CGI_AUTHORIZATION:%1, t=application/x-httpd-cgi,l]
>
> Thanks. I've fou
Mike Orr <[EMAIL PROTECTED]>:
>
[...]
> RewriteCond %{HTTP:Authorization} ^(.*)
> RewriteRule ^/(.*) /usr/lib/cgi-bin/Zope.cgi/M/$1 \
> [e=HTTP_CGI_AUTHORIZATION:%1, t=application/x-httpd-cgi,l]
Thanks. I've found several versions of this on the web and I think I
understand the way it ought to
Ian Bicking <[EMAIL PROTECTED]>:
>
> There's some discussion in Zope about this... if you look at information
> about using Zope on a commercial host it'll discuss this, but I think
> the standard installation notes also discuss it.
>
> If Apache has the authorization information then you can get
On Tue, Feb 26, 2002 at 07:09:46PM -0600, Ian Bicking wrote:
> There's some discussion in Zope about this... if you look at information
> about using Zope on a commercial host it'll discuss this, but I think
> the standard installation notes also discuss it.
>
> If Apache has the authorization in
There's some discussion in Zope about this... if you look at information
about using Zope on a commercial host it'll discuss this, but I think
the standard installation notes also discuss it.
If Apache has the authorization information then you can get it from an
environment variable (HTTP_USER o
I've been trying to translate som HTTP authentication code I've got
lying around for PHP into Python (using WebKit). I've figured out that
I can get the authentication started by supplying a WWW-Authenticate
header and setting the status to 401, but my question is -- where can
I find the username
38 matches
Mail list logo
