Return-Path: Delivered-To: apmail-httpd-users-archive@httpd.apache.org Received: (qmail 7729 invoked by uid 500); 2 Dec 2002 17:16:11 -0000 Mailing-List: contact users-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: users@httpd.apache.org list-help: list-unsubscribe: list-post: Delivered-To: mailing list users@httpd.apache.org Received: (qmail 7718 invoked from network); 2 Dec 2002 17:16:11 -0000 Received: from orangexl.cust.2ndreality.nl (HELO mail.orangexl.nl) (213.239.135.95) by daedalus.apache.org with SMTP; 2 Dec 2002 17:16:11 -0000 Received: (qmail 56736 invoked by uid 89); 2 Dec 2002 17:18:48 -0000 Received: from cp262152-a.roose1.nb.home.nl (HELO FamHolthaus) (217.122.6.250) by orangexl.cust.2ndreality.nl with SMTP; 2 Dec 2002 17:18:48 -0000 Message-ID: <003b01c29a28$ff15e6f0$0200a8c0@FamHolthaus> From: "Sander Holthaus - Orange XL" To: References: <019801c29a15$35bfd3f0$ca617f9c@JELSER> <002101c29a25$cbe1b730$0200a8c0@FamHolthaus> <026101c29a25$e25d2da0$ca617f9c@JELSER> Date: Mon, 2 Dec 2002 18:33:58 +0100 Organization: Orange XL MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_0038_01C29A31.60AC8830" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1106 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N Subject: Re: [users@httpd] Remote User Variable ------=_NextPart_000_0038_01C29A31.60AC8830 Content-Type: text/plain; charset="Windows-1252" Content-Transfer-Encoding: quoted-printable The problem lies in the second script. Your REMOTE_USER-variable is ONLY = passed on to resoures in or below /local/web/htdocs/coa/secure/shell. = This is logical, because that is where you said Authenticiation was = required. The REMOTE_USER variable will only be availble if a client = needed to authorize itself. An other problem could be how the script was called. Is it called by = Apache or another script? Kind Regards, Sander Holthaus=20 ----- Original Message -----=20 From: John Elser=20 To: users@httpd.apache.org=20 Sent: Monday, December 02, 2002 6:11 PM Subject: Re: [users@httpd] Remote User Variable Thanks for the reply! I really appreciated it. The way it is working now is that the login/password box comes up when = the user accesses a script that is in = /local/web/htdocs/coa/secure/shell. That part is working fine. But, I = have another script that eventually gets called that needs to check to = see who this user is. This script is not in the same directory. For = some reason, the REMOTE USER variable isn't being passed or isn't being = set. For what I'm doing, Basic is enough security...that is, if I can tell = who a particular user is. Any suggestions on what could be the problem? Thanks again, John ----- Original Message -----=20 From: Sander Holthaus - Orange XL=20 To: users@httpd.apache.org=20 Sent: Monday, December 02, 2002 11:11 AM Subject: Re: [users@httpd] Remote User Variable Where is that script located? It it under the directory = /local/web/htdocs/coa/secure/shell? Also, using AuthType Basic is in no way secure. Looked at AuthType = Digest yet? Kind regards, Sander Holthaus ----- Original Message -----=20 From: John Elser=20 To: users@httpd.apache.org=20 Sent: Monday, December 02, 2002 4:12 PM Subject: [users@httpd] Remote User Variable I want to pass the user's login to my script. My httpd.conf file = has this: AuthType Basic AuthName "By Invitation Only" AuthUserFile /usr/local/apache/bin/apachepw Require user jde hml skt I get prompted for a login and password and I'm able to login in. = I then have another script that checks for the user name. =20 My script contains this code (the script then goes into a series = of if statements): $uname =3D $ENV{'REMOTE_USER'}; But $uname is not being set to the user's login. =20 When I installed apache, I simply downloaded the binary version of = it and did a pkgadd on my solaris 8 system. Do I need to add an apache = module and compile apache before I can determine who gets prompted for a = login and password? Or am I missing something else? Thanks, John ------=_NextPart_000_0038_01C29A31.60AC8830 Content-Type: text/html; charset="Windows-1252" Content-Transfer-Encoding: quoted-printable

The problem lies in the second script. = Your=20 REMOTE_USER-variable is ONLY passed on to resoures in or=20 below /local/web/htdocs/coa/secure/shell. This is logical, because = that is=20 where you said Authenticiation was required. The REMOTE_USER variable = will only=20 be availble if a client needed to authorize itself.

An other problem could be how the = script was=20 called. Is it called by Apache or another script?

Kind Regards,

Sander Holthaus

----- Original Message -----
From:=20 John=20 Elser
To: users@httpd.apache.org =

Sent: Monday, December 02, 2002 = 6:11=20 PM

Subject: Re: [users@httpd] = Remote User=20 Variable

Thanks for the reply! I really = appreciated=20 it.

The way it is working now is that the = login/password box comes up when the user accesses a script that = is in=20 /local/web/htdocs/coa/secure/shell. That part is working = fine. =20 But, I have another script that eventually gets called that needs to = check to=20 see who this user is. This script is not in the same=20 directory. For some reason, the REMOTE USER variable isn't being = passed=20 or isn't being set.

For what I'm doing, Basic is enough=20 security...that is, if I can tell who a particular user = is.

Any suggestions on what could be the=20 problem?

Thanks again,

John

----- Original Message -----
From:=20 Sander Holthaus -=20 Orange XL
To: users@httpd.apache.org =

Sent: Monday, December 02, = 2002 11:11=20 AM

Subject: Re: [users@httpd] = Remote User=20 Variable

Where is that script located? It it = under the=20 directory /local/web/htdocs/coa/secure/shell?

Also, using AuthType Basic = is in no way=20 secure. Looked at AuthType Digest yet?

Kind regards,

Sander Holthaus

----- Original Message ----- =
From:=20 John Elser
To: users@httpd.apache.org =

Sent: Monday, December 02, = 2002 4:12=20 PM

Subject: [users@httpd] = Remote User=20 Variable

I want to pass the user's login = to my=20 script. My httpd.conf file has this:

<Directory=20 "/local/web/htdocs/coa/secure/shell">
AuthType = Basic
AuthName "By=20 Invitation Only"
AuthUserFile = /usr/local/apache/bin/apachepw
Require=20 user jde hml skt

</Directory>

I get prompted for a login and = password and=20 I'm able to login in. I then have another script that = checks=20 for the user name.

My script contains this code (the = script then=20 goes into a series of if statements):

$uname =3D = $ENV{'REMOTE_USER'};

But $uname is not being set to = the user's=20 login.

When I installed apache, I simply = downloaded=20 the binary version of it and did a pkgadd on my solaris 8 = system. Do=20 I need to add an apache module and compile apache before I can = determine=20 who gets prompted for a login and password? Or am I missing = something=20 else?

Thanks,

John

------=_NextPart_000_0038_01C29A31.60AC8830--