httpd-modules-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Michele Waldman" <mmwald...@nyc.rr.com>
Subject FW: [M] mod_auth_digest hook
Date Tue, 21 Apr 2009 16:54:09 GMT
Maybe, if I'm a little clearer someone might be able to point in the right
direction.  I don't think I need to modify mod_auth_digest, but another
apache module.

What I have is a person login into htaccess using ajax.  The file they
access has htaccess require valid-user.

The first time they log in, great.

To log out, they log into a logout account.  The file they access has
require user logout.

The next time they try to log into the account via ajax.  They are granted
access to the page they are calling, but remote_user is not set.

I put print statements in mod_auth_digest authenticate_digest_user to see
what was happening.

All of the values are right, the user is authenticated, but the new user
is not logged in.  Apache keeps them logged into the logout account and only
grants access to that one page.

Does anyone know which module I should modify to force a new login?  I'm
thinking whichever module calls the hooks has to be modified.  Is this
right?

It looks like I don't have to modify mod_auth_digest, which authenticates,
but probably the httpd module that calls the hooks and does the actually
logging in.  I was looking at the module util_script.c which sets
remote_user, but I'm not sure if this is the right module.  I'm not
terribly familiar with apache.  It also just sets remote_user to r->user,
which should work.  I may need to look at the module that calls that
ap_add_commom_vars to see if it's not being called.  If this is the only
module that sets the environment variable, then I think it's being
skipped.

I tried implementing htaccess require restrict logout.  But since the new
user is not logout access is granted for that page, but the account is not
logged into.

It seems to me if a page is accessed and granted a page in the directory
with new creditials, apache would log in the new user but doesn't.

M*


Mime
View raw message