httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From d...@ast.cam.ac.uk (David Robinson)
Subject Re: WWW Form Bug Report: "No CGI & Authentication vars" on Solaris 2.x (fwd)
Date Wed, 13 Dec 1995 19:10:00 GMT
Ages ago Brian wrote:
>David, is "AUTH_TYPE" part of the CGI spec?  I can't get through to 
>hoohoo or your cgi draft.
>
>---------- Forwarded message ----------
>Date: Tue, 5 Dec 1995 09:29:12 +0100 (MET)
>From: Rico Jansen <rico@vpro.nl>
>To: Brian Behlendorf <brian@organic.com>
>Subject: Re: WWW Form Bug Report: "No CGI & Authentication vars" on Solaris 2.x (fwd)
>
>> ...
>> >     REMOTE_USER=cloos
>> ...
>> > Note that the username entered at authentication never made it to the
>> > environment.  I think this is what the original complaint was about.
>> 
>> Eh?
>> 
>>n
>Yes, this gets through, but not the AUTH_TYPE field, and if AUTH_TYPE
>field is not set, REMOTE_USER is unreliable, as it is up to the browser
>to send it, when not authenticated (Netscape 1.x doesn't, Mosaic and Lynx do).

Yes, AUTH_TYPE is part of the CGI spec, and Apache 1.0.0 does not set it.
I think this is a bit of a showstopper, and should be fixed.

 [But not by my today.]

 David.

Mime
View raw message