I tried to modify the Web agenda/calendar chronos (http://chronoss.sourceforge.net) in such a way that everyone can look at the calendar without authentication but changes need basic authentication. In other words, URLs like http://.../chronos?action=showday&.... should go through without authentication and only if an URL like http://.../chronos?action=editevent&.... is requested, basic authentication takes place.
The only related think I found googling is www.gossamer-threads.com/archive/mod_perl_C1/dev_F4/Apache::Test_patch_P25603 where the use of PerlHeaderParserHandler is suggested. The code discussed in this thread did not work out of the box, I append my version which works with apache-1.3.27. My question: Is this a good idea? Is there a better/more canonical way? Many thanks, Meik #--------------------------------------------------------------------- package Auth; # # from httpd.conf: # # PerlHeaderParserHandler Auth # AuthName "Chronos" # For some reason, this must be set. # # "AuthType" is not set. # # "PerlAuthenHandler" is not set use Apache; use Apache::Constants qw(:common); sub handler { my $r = shift; return OK unless $r->is_initial_req; # is this URL protected? return OK unless is_protected($r); # We got an answer using basic authentication if ($r->header_in('Authorization')){ my ($res,$password) = $r->get_basic_auth_pw; my $username = $r->connection->user; ... check ... if( ... not_authorized .... ) { $r->note_basic_auth_failure; return AUTH_REQUIRED; } return OK; } # switch to basic authentication. This is the realm we really use. $r->auth_name("Event Calendar"); $r->note_basic_auth_failure; return AUTH_REQUIRED; } sub is_protected { my $r= shift; my $meth=$r->method; my $args = $r->args; return 1 if $meth =~ /POST/; return 1 if $args=~ /delfile/; return 0; } 1; -- Meik Hellmund Institut fuer Mathematik, Uni Leipzig e-mail: [EMAIL PROTECTED] http://www.math.uni-leipzig.de/~hellmund