httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Doug MacEachern <do...@telebusiness.co.nz>
Subject ap_auth_type() and r->connection->ap_auth_type
Date Wed, 06 May 1998 04:18:00 GMT
I've attached a simple patch for consideration, which makes
ap_auth_type() return r->connection->ap_auth_type if present, otherwise
return the configured AuthType.
This way, the AuthType can be changed at request time on the fly.
Some of the api methods are driven off of what ap_auth_type() returns,
most of which do nothing if it's not "Basic".  What if I want to
implment an AuthType other than Basic, but still let other modules use
some Basic basics once inside the server, e.g. get_basic_auth_pw().  All
it does is parse out the Authorization: header, which could certainly be
set by a module via r->headers_in, but nearly every authentication
module relies on get_basic_auth_pw() to obtain the username/password.
What I want to do is, obtain username/password via a form and pass it
back to the client as cookie (possibly wrapped up in MD5 checksum w/
other stuff), but have the first plain text username/password go through
the real authentication handler
(e.g. Apache::AuthenDBI), for that to work get_basic_auth_pw() must
work.
Part of what I'm trying to do is work around the fact that there's no
way to tell IE or Netscape to forget a user's Basic auth credentials,
but you can tell them to forget about a cookie.  I don't see how
returning r->connection->ap_auth_type if present could break anything.
Thoughts?

-Doug

Mime
View raw message