httpd-dev mailing list archives

From Dirk-Willem van Gulik <di...@asemantics.com>
Subject Re: interface of the 2.1 authentication framework / behaviour of mod_digest/mod_basic
Date Sun, 15 Feb 2004 23:15:40 GMT

On Feb 16, 2004, at 12:11 AM, André Malo wrote:

> * Axel Grossklaus <ag@pre-secure.de> wrote:
>
>> moin,
>
> Moin Moin ;-)
>
>> i would like the interface to allow modules to change the username
>> during the authentication process from the value that was passed by the
>> browser to some other value that will be used as authenticated user
>> further down the chain.
>
> I'd guess there's the question of what you want to change, and when. In
> digest authentication the username is an integral part of the hashed data,
> so you cannot change it during the authentication stage.
>
Depending on exactly what you want to do (and to what extent you control
the order of the modules during deployment) other tricks include setting
fake headers (which your application picks up) or using per-request
private module space (or r->notes if you are lazy) to mark a request; and
then (assuming you are last) set r->user to a different value moments before
cgi/handler or control is handed over to the application. It is not uncommon
to 'spoof' r->user to note, say, the data from an auth certificate or some
ldap info you got through a rsa-securid login. But it is generally BETTER to
add an extra header or an extra env-var; and certainly cleaner.

Dw.
