httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Luke Kenneth Casson Leighton <>
Subject user authentication question
Date Fri, 22 Jun 2001 22:45:03 GMT

well, as you may know i'm new to this, and just created
mod_auth_xvl and mod_access_xvl.

so please excuse me for not knowing how everything fits together.

specifically, i have some design issues to resolve.

firstly, mod_access_xvl is more like a mod_auth
than a mod_access.  i.e. you need to do per-directory
config _but_ i need a username to do it!


but i noticed that mod_accesses are caled before mod_auths,
so you don't get an r->connection_>user oops!

so i have to make mod_access_xvl actually call the user-checking
function.  oh dear.

did i get that right?

now, my qustion is, in amongst all this bad typing on a v.
slow link, is, if you _have_ an r->connection->user, can
i assume that the user has _been_ authenticated?

can mod_xvl - which serves web content - treat the
r->connection->user _as_ authenticated?

see, what i want to do is to 'cut out' the cookie-based
authentication if people want to.  but ithat means that i
will need
to pass the authenticated user TO xvl.  i can read the headers,
it's HTTP/basic auth, big deal, done that.  but i
want to cut that stage out, it's currently duplicated
inside xvl.

so, not only does apache do HTTP basic auth, but also
xvl.  the one in xvl has to be disableable, and to 'trust'
apache, instead.

so, what do i do? :) :)

am i on the right tracks?

all best,


p.s. much apprecite if you could cc me
because i am only post-rights to
new0httpd, i check
the archive but it's 2mb download :)

View raw message