>> CGI scripts are not passed the authentication information when in a
>> secure area.
>>
>> Note this is in both 0.8.14 and 1.0.0
>>
>> I fixed it myself in mod_auth.c by adding the line
>> c->auth_type=auth_type(r); on line 195 (0.8.14) before return OK;
>> In 1.0.0 it is line 185
>>
Rob> This doesn't sound right. Lots of people are using
Rob> authentication on scripts.
Rob> Did you forget to add "POST" to the <Limit ... > ?
Rob> e.g.
Rob> <Limit GET POST> require valid-user </Limit>

I just tested this, and the environment I get looks like:
DOCUMENT_ROOT=/home/www
GATEWAY_INTERFACE=CGI/1.1
HTTP_ACCEPT=image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, */*
HTTP_CONNECTION=Keep-Alive
HTTP_COOKIE=s=caffeine6364818144005190
HTTP_HOST=www.io.com
HTTP_PRAGMA=no-cache
HTTP_REFERER=http://www.io.com/auth/
HTTP_USER_AGENT=Mozilla/2.0b3 (X11; I; BSD/OS 2.0 i386)
PATH=/usr/local/bin:/usr/bin:/bin
QUERY_STRING=
REMOTE_ADDR=199.170.88.30
REMOTE_HOST=caffeine.io.com
REMOTE_USER=cloos
REQUEST_METHOD=GET
SCRIPT_FILENAME=/home/www/auth/env.cgi
SCRIPT_NAME=/auth/env.cgi
SERVER_ADMIN=webmaster@io.com
SERVER_NAME=www.io.com
SERVER_PORT=80
SERVER_PROTOCOL=HTTP/1.0
SERVER_SOFTWARE=Apache/1.0.0

Note that the username entered at authentication never made it to the
environment. I think this is what the original complaint was about.
-JimC
--
James H. Cloos, Jr. <URL:http://www.jhcloos.com/~cloos/>
cloos@jhcloos.com Work: cloos@io.com
LPF,Usenix,SAGE,ISOC
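
An added example, not part of the original messages and not Apache's code: a small audit of a CGI environment dump for the CGI/1.1 authentication meta-variables (AUTH_TYPE and REMOTE_USER) that a script in a protected area relies on. The function names are hypothetical and the sample is a constructed subset of the dump quoted above.

```python
# Added example: audit a CGI environment dump for authentication variables.
# Assumption: CGI/1.1 conventions (AUTH_TYPE, REMOTE_USER; the server should
# not forward the raw Authorization header to the script).

# Constructed sample: a subset of the dump quoted in the thread.
SAMPLE_DUMP = """\
GATEWAY_INTERFACE=CGI/1.1
REMOTE_ADDR=199.170.88.30
REMOTE_USER=cloos
REQUEST_METHOD=GET
SCRIPT_NAME=/auth/env.cgi
SERVER_SOFTWARE=Apache/1.0.0
"""


def parse_env_dump(text):
    """Turn NAME=value lines into a dict; lines without '=' are skipped."""
    env = {}
    for line in text.splitlines():
        name, sep, value = line.partition("=")
        if sep and name.strip():
            env[name.strip()] = value
    return env


def audit_auth_env(env):
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = []
    for name in ("AUTH_TYPE", "REMOTE_USER"):
        if not env.get(name, "").strip():
            findings.append(name + " missing or empty")
    # Raw credentials reaching the script are a separate problem: a script
    # bug or an environment dump like this one would then disclose them.
    if "HTTP_AUTHORIZATION" in env:
        findings.append("HTTP_AUTHORIZATION exposed to script")
    return findings


def is_authenticated(env):
    """Fail closed: treat the request as authenticated only if both are set."""
    return not any(f.endswith("missing or empty") for f in audit_auth_env(env))


if __name__ == "__main__":
    for finding in audit_auth_env(parse_env_dump(SAMPLE_DUMP)):
        print("FINDING:", finding)
```

A script that makes access decisions from these variables can call `is_authenticated(os.environ)` first and refuse to continue when it returns False.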