httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ras...@madhaus.utcs.utoronto.ca
Subject Re: How to authorize everyone?
Date Wed, 24 Jul 1996 04:47:54 GMT
> rasmus@madhaus.utcs.utoronto.ca said:
> > 
> > What is the best way to automatically authorize everybody, no matter
> > what they enter as their user id and password?  From looking at
> > mod_auth_anon.c I can see that it would be easy to write a little module
> > that did this, but I was wondering if any of the existing myriad of
> > authentication modules were capable of doing this.
> 
> Why even authorise at that point?  Just for the username?

No, more because I want a mechanism to optionally bypass the authentication
in Apache and let another module do the actual authentication without
having to make this other module a real authentication module.
That probably sounded rather cryptic.

Basically, people who use mod_php to embed PHP/FI scripts into their
HTML pages are able to send back a 401 (AUTH_REQUIRED) in order to
write whatever custom logic they might want in order to trigger 
authentication.  Having a set of static rules in configuration files
is often not flexible enough.  So the flow would be:

    - custom logic which returns a "HTTP/1.0 401 Unauthorized"
    - client sends username/password
    - mod_auth_anon recognizes somehow that it should pass
      on doing any sort of check on the request
    - mod_php provides the target HTML-embedded PHP/FI script
      with the username and password enabling the target script
      to do the authorization and return the appropriate header

It is only the 3rd step that isn't working at the moment.  The other ones
are ok.  I need a nice mechanism for telling the various authentication
mechanisms in Apache that they should blindly accept the authentication
challenge and let other modules down the line deal with them even though
these other modules may not be registered as auth modules.

I was hoping Dirk would send me his mod_auth_anon patches.  He tried
earlier, but they didn't get through.  Anybody have them?

-Rasmus

Mime
View raw message