Thanks Charles, The reason I want to use basic authentication is to compliment an https:// connection to Weblet. I would like to challenge for a usrname/passwd for access to any of the pages/scripts. Although the user will only have to authenticate once per session of course.
This authentication can happen at a default login page (i.e. login.cgi) or just have a web browser authentication Window pop-up. Whatever is easier to do with sh-www. If I just want a Authentication window to pop-up from my browser, should this not just be a function of the httpd daemon? You know, something I'd enable in the .conf file (i.e. AUTH_CONNECTIONS=yes)???? Any thoughts? -----Original Message----- From: Charles Steinkuehler [mailto:[EMAIL PROTECTED] Sent: Wednesday, February 26, 2003 12:26 PM To: Bihari, Steve Cc: '[EMAIL PROTECTED]' Subject: Re: [leaf-user] sh-httpd Authentication Bihari, Steve wrote: > Hi All, > > Quick question: > > Does anyone know of a quick and easy way to provide basic username/passwd > authentication to access Weblet? Hack the source code. :-) The username and password are passed to the web-server as headers, so you should be able to parse them in either the web-server script itself, or in a cgi-bin program if you only need to secure access to particular function. Someone may have already made patches for this, but IIRC, I've only seen extentions for supporting the POST method, rather than any authentication. I think basic authentication is viewed as insecure enough no-one has felt a pressing need to implement it when there are already good methods for IP based access control, and secure authentication (and encryption) can be provided by tunneling through ssh. -- Charles Steinkuehler [EMAIL PROTECTED] ------------------------------------------------------- This SF.net email is sponsored by: Scholarships for Techies! Can't afford IT training? All 2003 ictp students receive scholarships. Get hands-on training in Microsoft, Cisco, Sun, Linux/UNIX, and more. www.ictp.com/training/sourceforge.asp ------------------------------------------------------------------------ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
