Eli,

      Have you set up your own authentication type or are you trying to overload
      "basic" ?

      If the former you might need to check your .htaccess config. If the
      latter, it looks like your code is not setting something correctly.

      For some reason the server is returning 401 - Unauthorised instead of 403
      - Forbidden. My thought is that somehow your code is being ignored and
      Apache is processing a basic authentication first.

      Others on the list might know more about the exact sequence of events in
      Apache.

      You might want to take a look at Apache::AuthCookie which does something
      similar to what you are trying to do I think.

      HTH,

      Simon Wilcox.



From:  Eli Ben-Shoshan <[EMAIL PROTECTED]>
Date:  17:15:20 9 August 2000

To:   [EMAIL PROTECTED]
cc:    (bcc: Simon Wilcox/BASE/WilliamsLea)
Fax to:
Subject:  Authentication/Authorization



All,
        I work at a large university where some faculty/staff need a way to
only allow students to view certain web pages. Here at the university we
have a central authentication system (based on Kerberos) that has been
extended to the browser. Basically you log in via SSL to a machine that
hands you a cookie. Then you go to a secured page where my Perl module
verifies that cookie against one of the authentication servers. If you are
authenticated then the module sets the connection to your user name
($r->connection->user('USERNAME')) and you get to view the page; otherwise
you are redirected to the login server (which later redirects you back) to
get a valid cookie.
     The authentication works beautifully but authorization seems to
fail. If I have a "require user joe" in an .htaccess file and you are not
joe then Apache reverts to basic authentication, which makes the browser
bring up the popup box to authenticate. What I would like to do is not have
that popup box come up but instead have some message that tells the user
that they are not authorized for the current URL. The only solution that I
could think of was to write a PerlAuthzHandler that mimics Apache's built
in authorization but there has got to be a better way. Thanks.

--
Eli Ben Shoshan ([EMAIL PROTECTED])
North East Regional Data Center (NERDC)
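
The PerlAuthzHandler approach mentioned in the thread, as an added example for mod_perl 1.x that is not code from either poster: it evaluates `require user` and `require valid-user` itself and answers 403 rather than 401, so an authenticated but unauthorized user never sees the Basic login popup. The package name `My::CookieAuthz` and the error page path `/not-authorized.html` are assumptions, and `<Limit>` method scoping is not considered.

```perl
package My::CookieAuthz;    # hypothetical name, not from the thread
use strict;
use Apache::Constants qw(OK DECLINED FORBIDDEN);

# Decide from the "require" lines alone: 1 = allow, 0 = deny,
# undef = a requirement type this module does not understand is present.
sub decide {
    my ($user, @requirements) = @_;
    my $unhandled = 0;
    for my $line (@requirements) {
        my ($kind, @names) = split ' ', $line;
        next unless defined $kind;
        if (lc $kind eq 'valid-user') {
            return 1 if defined $user && length $user;
        }
        elsif (lc $kind eq 'user') {
            return 1 if defined $user && grep { $_ eq $user } @names;
        }
        else {
            $unhandled = 1;    # e.g. "require group ..."
        }
    }
    return $unhandled ? undef : 0;
}

sub handler {
    my $r = shift;
    my $requires = $r->requires;
    return DECLINED unless $requires && @$requires;   # no "require" here
    my $user = $r->connection->user;   # set earlier by the cookie authen handler
    my $verdict = decide($user, map { $_->{requirement} } @$requires);

    # Leave anything we cannot judge to the next authorization handler.
    return DECLINED unless defined $verdict;
    return OK if $verdict;

    # Authenticated but not permitted: answer 403 with an error page, never
    # AUTH_REQUIRED (401), which is what triggers the Basic login popup.
    $r->log_reason('user ' . (defined $user ? $user : '-') . ' not authorized',
                   $r->filename);
    $r->custom_response(FORBIDDEN, '/not-authorized.html');   # assumed local URI
    return FORBIDDEN;
}

1;
```

It would be enabled with `PerlAuthzHandler My::CookieAuthz` alongside the existing `require` line. Returning DECLINED for unknown requirement types hands those cases back to Apache's own authorization modules, which will still answer 401 on failure.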




