httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Marten Lehmann <lehm...@cnm.de>
Subject [users@httpd] mod_auth: username is in REMOTE_USER, but where are the groups?
Date Thu, 05 Aug 2010 22:15:31 GMT
Hello,

I have a pretty standard auth setup:

.htaccess:

AuthType Basic
AuthName "restricted"
AuthUserFile /webs/.htpasswd
AuthGroupFile /webs/.htgroups

Require group readwrite

.htpasswd:

user1:.....
user2:.....

.htgroups:

readwrite: user2
readonly: user1
eat-bananas: user2

Now when I access the page, the authorization works fine and the login 
I'm using to authenticate is stored in the env-variable REMOTE_USER by 
Apache.

But where are the groups? Doesn't Apache store the groups attached to 
the user in an env-variable? This would help me a lot because my 
application needs to know which roles/groups have been assigned to the 
user. So even while for login it is only required to be of the group 
"readwrite" it would be nice to see for the application, that the user 
has additional groups like "eat-bananas".

I hope I can rely on Apache for this, although it wouldn't be that hard 
to do it on my own. I just wouldn't like to update users and 
roles/groups in both, .htaccess files and source code of application.

Kind regards
Marten

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message