httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ian Holsman <i...@apache.org>
Subject Re: Share data between servers
Date Tue, 13 Aug 2002 15:46:27 GMT
Sébastien Bonnegent wrote:
> Graham Leggett wrote:
> GL> Sébastien Bonnegent wrote:
> GL> 
> GL> > Not necessarily, because I can detect in the proxy module when the server
> GL> > responds with a 401 (need authentification) and in this case, I re-send
> GL> > a request with a authentification field if the user is already authentified
> GL> > on the proxy. And this, without any browser's cooperation.
> GL> 
> GL> In that case I've lost you - can you explain again what you are trying 
> GL> to achieve? I understood that you were trying to force a transparent 
> GL> proxy to authenticate users through it, I don't see how the end server 
> GL> should get involved in any of this...?
> 
> The server doesn't see that there is a proxy, the schema is as follow:
> ---------------------------------------------------------------
> | User --------------------  Proxy ------------------- Server |
> ---------------------------------------------------------------
> Get an URL   ---->       do nothing     ---->       Need auth
>                                                        so
>                                        <----(401)
>                        If User is known
>                        then
>                               give user 
>                               auth header (auth)--->
>                        else
>             <----(401)
> user provides
> authentification
>           (auth)----> catch the authentification header
>                       and store it somewhere   (auth)---->  
> 
> (401) means "need authentification", a 401 request
> (auth) means that the request contains an authentification header
> 
> Is it more clear ?
ok.. it seems like you need to cache the authentication header, so that 
based on whatever criteria you can re-add it to the proxied request.

I'm not sure if you can do this at the moment with the current code.

we have a hook in place which will let you inject the auth header into 
to proxied request, but I don't think there is a hook to grab the 
original auth-header recieved from the 'server' so you can cache it.

so to summarise,
you would need to write a authentication module which can grab the 
original authentication and cache it (you could use something similar in 
design to mod_mem_cache to do this). you can then inject it via the 
proxy hook into the proxied request.

I haven't tried it, and I >think< this may work ..
--Ian
> 
> Best regards,
> seß - sinad



Mime
View raw message