httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Boyle Owen" <Owen.Bo...@swx.com>
Subject RE: [users@httpd] Using script to retrieve remote username?
Date Thu, 27 Mar 2003 15:26:28 GMT
If I get your drift, you're trying to get a remote_user but you don't
want to require the user to authenticate. I'm afraid that would be
impossible.

The CGI environment variable REMOTE_USER only has meaning in the context
of an authenticated request. Basically, all requests are anonymous in
HTTP, except when you require the client to send an "Authorization"
header. This header then contains the username and password in a base64
encoded string.

Note that when you require authentication on a directory, the server
requires a valid Authorization header in *every* request. Luckily, the
browser caches the user/pass after the first challenge and knows to send
it automatically with every subsequent request to that dir. Otherwise,
you'd need to type in the password for every doc and image in the dir.

In an un-authenticated directory, there is no Authorization header
required hence no way to identify the remote user. You have other things
like, REMOTE_ADDR (client IP) and REMOTE_HOST (DNS lookup for client IP)
but they're not usually very useful.

Rgds,
Owen Boyle
Disclaimer: Any disclaimer attached to this message may be ignored. 

>-----Original Message-----
>From: Deac Nkisetlein [mailto:tweeg.news@gmx.de]
>Sent: Donnerstag, 27. März 2003 13:27
>To: users@httpd.apache.org
>Subject: [users@httpd] Using script to retrieve remote username?
>
>
>Dear listmembers,
>
>It's a apache 2.0.44 on a solaris 8 box running happily here. So far no
>problems. It is authenticating against windows pdc using 
>modauthldap from
>muquit.com. Everything works like a charm.
>
>As this kind of authentication is of type basic, I was trying to find
>another,
>more secure way. All I need this authentication for is a 
>script which needs
>to know the uid of the user requesting the site. The rest of 
>the content this
>apache is serving is public, as the apache is a intranet 
>webserver behind
>several firewalls.
>
>I was playing around with ntlm, but those solutions wouldnt nail down
>netscape too. So I tried around with perl and its netadmin 
>package. I was able to
>make a very small perlscript, that will retrieve the uid of 
>the logged in user
>on a given ip inside my domain.
>
>Heres my problem:
>
>My apache knows about the requesting ip/hostname. Is there a 
>possibility, to
>use this perlscript for instance inside httpd.conf in a way, that it is
>executed every time, a user calls a cgi, an alias ... 
>something like that.
>
>What I try to do is to know about the uid of the remote_user, 
>without having
>him to authenticate. So my users could call the script without
>authenticating but I do still know whos calling.
>
>Phew. Hope this was not too confusing.
>
>Thanks alot in advance!
>
>Regards.
>
>-- 
>+++ GMX - Mail, Messaging & more  http://www.gmx.net +++
>Bitte lächeln! Fotogalerie online mit GMX ohne eigene Homepage!
>
>
>---------------------------------------------------------------------
>The official User-To-User support forum of the Apache HTTP 
>Server Project.
>See <URL:http://httpd.apache.org/userslist.html> for more info.
>To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>   "   from the digest: users-digest-unsubscribe@httpd.apache.org
>For additional commands, e-mail: users-help@httpd.apache.org
>
>

This message is for the named person's use only. It may contain
confidential, proprietary or legally privileged information. No
confidentiality or privilege is waived or lost by any mistransmission.
If you receive this message in error, please notify the sender urgently
and then immediately delete the message and any copies of it from your
system. Please also immediately destroy any hardcopies of the message.
You must not, directly or indirectly, use, disclose, distribute, print,
or copy any part of this message if you are not the intended recipient.
The sender's company reserves the right to monitor all e-mail
communications through their networks. Any views expressed in this
message are those of the individual sender, except where the message
states otherwise and the sender is authorised to state them to be the
views of the sender's company. 



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message