> -----Original Message-----
> From: J. J. Horner [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, June 21, 2000 3:25 PM
> To: Blue
> Cc: [EMAIL PROTECTED]
> Subject: Re: PerlAuthenHandler and browsers
>
>
> On Wed, 21 Jun 2000, Blue wrote:
>
> > On Wed, 21 Jun 2000, J. J. Horner wrote:
> >
> > > For that reason, my handler can't rely on browsers to behave during
> > > the Authentication phase. I am going to have to find a way to force
> > > a user to input his password into the browser not using standard
> > > HTTP response codes.
> >
> > Could you elaborate on that a little more, please?
>
> When a browser is sent a 401 response code, it checks its password cache
> for a password for that REALM, and, if found, sends it. If it isn't
> found, it requests one from the user. IE 4.x never wants to ask the user
> for that, if it has one in its cache, even if the server sends a 401
> response back again. It appears to keep trying a few times.
>
> Under Netscape, if I want a browser to pop another dialogue box (say a
> user has a valid password/uid pair, but I'm trying to force him to input
> it again), I can send back the 401 error and if the user doesn't cancel
> out, everything is fine. If the user cancels the dialogue, goes somewhere
> else, and then comes back, he can get it without submitting a username
> and password again.
>
> What I will have to do, I guess, will be to write a mod_perl handler to
> allow a CGI script to step in at the Authentication phase, request the
> user's password again, in an HTML form, check that password against the
> password returned with $r->get_basic_auth_pw and if the check returns
> true, send back the document originally requested.
>
> I am trying to find a way to spawn a subrequest so that the user can click
> a link, get the "Please verify password" page, then go on to what he
> requested.
>
> Does this clear it up?
You might want to check out Apache::TicketAccess and the example of
ticket-based access in the Eagle book if you decide to move to form-based
verification - a simple solution is spelled out pretty clearly there...
HTH
--Geoff
>
>
> --
> J. J. Horner
> Apache, Perl, Unix, Linux
> [EMAIL PROTECTED] http://www.knoxlug.org/
>
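
The ticket idea suggested in the reply, as an added example that is not part of the original messages and is not the code of Apache::TicketAccess: once the HTML form has verified the password, the server hands out a signed, short-lived ticket (typically in a cookie), so forcing re-verification no longer depends on how a browser caches Basic credentials. The secret, the lifetime, the user names, the clock values and the choice of HMAC-SHA256 are assumptions made for this example.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Digest::SHA qw(hmac_sha256_hex);

# Constructed values: a real secret must be random and kept on the server.
my $SECRET  = 'constructed-demo-secret';
my $MAX_AGE = 300;    # assumed policy: seconds before the form is shown again

# Called once the password form has been checked; returns "user:time:mac".
sub issue_ticket {
    my ($user, $now) = @_;
    die "user name must not contain ':'\n" if $user =~ /:/;
    my $payload = join ':', $user, $now;
    return join ':', $payload, hmac_sha256_hex($payload, $SECRET);
}

# Constant-time string comparison, so the MAC check does not leak timing.
sub ct_eq {
    my ($x, $y) = @_;
    return 0 unless length($x) == length($y);
    my $diff = 0;
    $diff |= ord(substr($x, $_, 1)) ^ ord(substr($y, $_, 1))
        for 0 .. length($x) - 1;
    return $diff == 0;
}

# Returns the user name for an authentic, unexpired ticket, otherwise undef.
sub check_ticket {
    my ($ticket, $now) = @_;
    my ($user, $issued, $mac) = split /:/, ($ticket // ''), 3;
    return undef unless defined($mac) && $issued =~ /^\d+\z/;
    my $expected = hmac_sha256_hex(join(':', $user, $issued), $SECRET);
    return undef unless ct_eq($mac, $expected);
    return undef if $issued > $now || $now - $issued > $MAX_AGE;
    return $user;
}

my $ticket = issue_ticket('alice', 1000);       # constructed user and clock
(my $forged = $ticket) =~ s/^alice/mallory/;    # user field changed, MAC kept
for my $case ([$ticket, 1100], [$ticket, 2000], [$forged, 1100]) {
    my $user = check_ticket(@$case);
    print defined($user) ? "accept $user\n" : "reject: show the password form\n";
}
```

In a handler, a rejected or missing ticket would lead to the "Please verify password" form rather than a 401, which is what takes the browser's credential cache out of the decision.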