> i canna get the PerlAuthenHandler to do ANYTHING. first
> line of code after $r = shift is $r->warn() but nothing
> shows up in the log. aaugh!
>
> i copied the sample code from 'illustrated security scenarios'
> at http://perl.apache.org/guide/security.html nearly verbatim,
> (cut & paste + munge) changed '(*PASSED*)' to a simple test
> (moot, at this point) and inserted a few $r->warn("") for tracing
> and debugging purposes.
>
> access_handler() works fine. all its $r->warn output shows up
> in the logfile as it should.
>
> BUT i never see any incursion into the authen_handler() AT ALL!
maybe you need "Order deny, allow" to trigger authentication
> [my main site is serensoft.com; the virtual site is dontUthink.com
> and the url i'm trying to test is dontUthink.com/auth ... it lets
> me in, every time, without asking for any userid:password.]
>
> httpd.conf:
> PerlModule Serensoft::Auth
>
> <Location /auth>
> PerlAccessHandler Serensoft::Auth::access_handler
> PerlSetVar Intranet "this => that"
> PerlAuthenHandler Serensoft::Auth::authen_handler
> AuthName "dontUthink subscriber"
> AuthType Basic
> Require valid-user
> </Location>
>
> Serensoft/Auth.pm:
> Package Serensoft::Auth;
> use strict;
> use Apache::Constants qw(:common);
>
> [snip]
>
> sub authen_handler {
> my $r = shift;
> $r->warn('authen_handler'); # <== NEVER gets here!!!
>
> # get user's authentication credentials
> my ($res, $sent_pw) = $r->get_basic_auth_pw;
> return $res if $res != OK;
> my $user = $r->connection->user;
>
> # authenticate through DBI
> my $reason = authen_dbi ($r, $user, $sent_pw); # $level? eh?
>
> if ($reason) {
> $r->note_basic_auth_failure;
> $r->log_reason ($reason, $r->uri);
> return AUTH_REQUIRED;
> }
> return OK;
> }
>
> i even tried adding
> $r->set_handlers(PerlAuthenHandler => [\&authen_handler]);
> right at the end of access_handler() (before returning OK)
> but alas, to no avail.
>
> what obvious dial have i forgotten to frob?
>
> -+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-
> Their is five errers in this sentance.
>
