tcl-websh-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Holger Zeinert" <holger.zein...@lmsintl.com>
Subject RE: Authentification
Date Fri, 20 Feb 2009 16:53:20 GMT
Hi Ronny,

some time ago (Apr 2006) we had a discussion on how to add access to user/password from the
authentication of APACHE.

Today I installed websh on a new server (upgrading to APACHE 2.2.10). 
I had some problems, which basically resulted from using

    web::response -httpresponse  "HTTP/1.x 401"

which worked fine with APACHE 2.0. Now it needs to be

    web::response -httpresponse  "HTTP/1.0 401 Unauthorized"

otherwise the response status will not make it to the browser. Instead "HTTP/1.0 200 OK" is
sent, which is not triggering the user/password dialog in the browser. 
This seems to be in the APACHE part, at least I did not see anything in websh to do this.


> > > > Any suggestions why it should (or not) be included?
> > > 
> > > simple answer: it's available in 
> > > 	- Rivet 
> > > 		via $USER(user) / $USER(pass) 
> > > 	- PHP 
> > > 		via a variable $PHP_AUTH_USER / $PHP_AUTH_PW rsp.
> > > 		$_SERVER['PHP_AUTH_USER'] / $_SERVER['PHP_AUTH_PW'], 
> > > 		see http://de3.php.net/manual/de/features.http-auth.php
> > > 
> > > PHP mentions, that it only works if PHP is used as module. I 
> > > guess the same would apply to WebSH. If an external auth mechanism
> > > was used, then REMOTE_USER is set and user/password is not
> > > available for security reasons.
>  
> You have me almost convinced :-) ...

For this new installation I decided to use the newest version from SVN, also because there
were some bugfixes with response and APACHE 2.2 reported. I sadly recognized, that the changes
were not in (yet). Any plans to do so? 

However, I integrated your patch for 2.0 and it again works like a charm for me.

Best regards
Holger


Holger Zeinert
Product Development Manager LMS TecWare

LMS Deutschland GmbH
Test Division
Luxemburger Str. 7
D-67657 Kaiserslautern [Germany]

T +49 631 30322 223
M +49 163 4166 300
F +49 631 30322 166

mailto:holger.zeinert(a)lmsintl.com
http://www.lmsintl.com
___________________________________________
LMS Deutschland GmbH
Geschäftsführer: Heinz-Peter Vogt, Dr.-Ing. Urbain Vandeurzen
Sitz: Kaiserslautern
Registergericht: HRB Kaiserslautern 3706



---------------------------------------------------------------------
To unsubscribe, e-mail: websh-user-unsubscribe@tcl.apache.org
For additional commands, e-mail: websh-user-help@tcl.apache.org


Mime
View raw message