httpd-users mailing list archives

From "Sander Holthaus - Orange XL" <i...@orangexl.com>
Subject Re: [users@httpd] Remote User Variable
Date Wed, 04 Dec 2002 01:16:04 GMT
Message
That would be an option, however, from a security standpoint, it is not always the most
sensible option.

I would prefer to switch to Digest authentication, and use the AuthDigestDomain-directive
to include your cgi-script in the cgi-bin.
See http://httpd.apache.org/docs-2.0/mod/mod_auth_digest.html#authdigestdomain for more details.

Kind Regards,
Sander Holthaus
  ----- Original Message ----- 
  From: Andrew Kenna 
  To: users@httpd.apache.org 
  Sent: Tuesday, December 03, 2002 10:54 PM
  Subject: RE: [users@httpd] Remote User Variable


  Yep, you need to set the permissions on the cgi script in each directory you move it to.
Also you will need to set ExecCGI on the directory the cgi script lives in.

  Andrew

    -----Original Message-----
    From: John Elser [mailto:jElser@ck8.uscourts.gov] 
    Sent: Wednesday, 4 December 2002 4:41 AM
    To: users@httpd.apache.org
    Subject: Re: [users@httpd] Remote User Variable


    My secured area is set up as /local/web/htdocs/coa/secure/shell.  This script then calls
a script that is in /cgi-bin.  But, from what you are telling me, the REMOTE USER variable
will not get passed to the script in /cgi-bin.  When I move my other script out of the /cgi-bin
directory and put it under the /local/web/htdocs/coa/secure/shell directory, it doesn't execute.
 It merely displays the script instead of executing it.

    Thanks,

    John
      ----- Original Message ----- 
      From: Sander Holthaus - Orange XL 
      To: users@httpd.apache.org 
      Sent: Monday, December 02, 2002 11:33 AM
      Subject: Re: [users@httpd] Remote User Variable


      The problem lies in the second script. Your REMOTE_USER-variable is ONLY passed on to
resources in or below /local/web/htdocs/coa/secure/shell. This is logical, because that is
where you said authentication was required. The REMOTE_USER variable will only be available
if a client needed to authorize itself.
      Another problem could be how the script was called. Is it called by Apache or another
script?

      Kind Regards,
      Sander Holthaus 
        ----- Original Message ----- 
        From: John Elser 
        To: users@httpd.apache.org 
        Sent: Monday, December 02, 2002 6:11 PM
        Subject: Re: [users@httpd] Remote User Variable


        Thanks for the reply!  I really appreciated it.

        The way it is working now is that the login/password box comes up when the user accesses
a script that is in /local/web/htdocs/coa/secure/shell.  That part is working fine.  But,
I have another script that eventually gets called that needs to check to see who this user
is.  This script is not in the same directory.  For some reason, the REMOTE USER variable
isn't being passed or isn't being set.

        For what I'm doing, Basic is enough security...that is, if I can tell who a particular
user is.

        Any suggestions on what could be the problem?

        Thanks again,

        John
          ----- Original Message ----- 
          From: Sander Holthaus - Orange XL 
          To: users@httpd.apache.org 
          Sent: Monday, December 02, 2002 11:11 AM
          Subject: Re: [users@httpd] Remote User Variable


          Where is that script located? Is it under the directory /local/web/htdocs/coa/secure/shell?

          Also, using AuthType Basic is in no way secure. Looked at AuthType Digest yet?

          Kind regards,
          Sander Holthaus
            ----- Original Message ----- 
            From: John Elser 
            To: users@httpd.apache.org 
            Sent: Monday, December 02, 2002 4:12 PM
            Subject: [users@httpd] Remote User Variable


            I want to pass the user's login to my script.  My httpd.conf file has this:
            <Directory "/local/web/htdocs/coa/secure/shell">
            AuthType Basic
            AuthName "By Invitation Only"
            AuthUserFile /usr/local/apache/bin/apachepw
            Require user jde hml skt
            </Directory>

            I get prompted for a login and password and I'm able to log in.   I then have
another script that checks for the user name.  

            My script contains this code (the script then goes into a series of if statements):
            $uname = $ENV{'REMOTE_USER'};

            But $uname is not being set to the user's login.  

            When I installed Apache, I simply downloaded the binary version of it and did
a pkgadd on my Solaris 8 system.  Do I need to add an Apache module and compile Apache before
I can determine who gets prompted for a login and password? Or am I missing something else?

            Thanks,
            John
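
The point made in the thread, that REMOTE_USER is only set for requests to resources covered by the authentication block, shown as an httpd.conf sketch of the two options discussed. This is an added example, not part of any poster's message; the cgi-bin filesystem path and the script name check_user.pl are assumptions, while the realm, password file and user list are taken from the original post.

```apache
# Constructed example. Assumed names: /usr/local/apache/cgi-bin, check_user.pl.

# As posted: only this directory requires a login, so only requests
# served from it (or below it) carry REMOTE_USER.
<Directory "/local/web/htdocs/coa/secure/shell">
    AuthType Basic
    AuthName "By Invitation Only"
    AuthUserFile /usr/local/apache/bin/apachepw
    Require user jde hml skt
</Directory>

# A request to /cgi-bin/ is a separate request. With no auth
# configured here, $ENV{'REMOTE_USER'} is empty in the script.
ScriptAlias /cgi-bin/ "/usr/local/apache/cgi-bin/"

# Option A: require the same login for the one script in cgi-bin
# that needs to know who the user is. The script then refuses
# anonymous requests and receives REMOTE_USER.
<Directory "/usr/local/apache/cgi-bin">
    <Files "check_user.pl">
        AuthType Basic
        AuthName "By Invitation Only"
        AuthUserFile /usr/local/apache/bin/apachepw
        Require user jde hml skt
    </Files>
</Directory>

# Option B (use instead of A): move the script into the protected
# directory and allow CGI execution there. Without ExecCGI and a
# cgi-script handler, Apache serves the file as text instead of
# running it. Merge these two lines into the existing
# <Directory "/local/web/htdocs/coa/secure/shell"> block:
#
#     Options +ExecCGI
#     AddHandler cgi-script .pl
```

With the same AuthName in both places, browsers normally resend the cached credentials for the second request, so the user is not prompted twice. Option B makes every file matching the handler extension in that directory executable, which is the trade-off raised at the top of the thread.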

             