Please explain again how to get my AuthHandler called without setting
AuthName or AuthType in httpd.conf.
Thanks.
-Todd
On Wed, 27 Sep 2000, Carlos Ramirez wrote:
> By choosing to use your custom AuthHandler, you basically override Apache's way of
> handling the particular phase, in this case the authentication phase. So you must
> handle prompting the user and also checking the password.
>
> You might want to read the Apache Guide (http://perl.apache.org/) on how to write you
> own handler and also the eagle book.
>
> After reviewing our previous conversation, I think you might need to send
> WWW-Authenticate header field in another phase (preferable at the
> PerlHeaderParserHandler) before the Authentication phase is called.
>
> Your PerlHeaderParserHandler can check the $r->uri for any password protected
> requests, i.e., if it matches /companyA, you can then set the WWW-Authenticate: Basic
> $realm and push it along it's merry way.
>
> Then your PerlAuthHandler will get the username and password and check it against the
> realms' AuthUserFile. Apache will handle the initial prompting for the
> username/password.
>
> Your requirements imply that you will have a file(??) that has a list of UserFiles
> for each Realm/path_info so that your authentication handler will know what file to
> check against.
>
> I hope this make sense ;) my coffee is running low...
>
> -Carlos
>
>
> Todd Chapman wrote:
>
> > Thanks for the help. I was hoping that Apache would check the password for
> > me but this should work.
> >
> > Now, how do I get Apache to run my PerlAuthenHandler without setting the
> > AuthType or AuthName in httpd.conf?
> >
> > Do I need to do the Authentication in a PerlHandler?
> >
> > -Todd
> >
> > On Wed, 27 Sep 2000, Carlos Ramirez wrote:
> >
> > > 1. Oh, I mis-interpreted your question. I thought you already had a list of
> > > virtual directories with the
> > > AuthNames defined.
> > >
> > > You can set the AuthName by sending them in the server response header field:
> > >
> > > WWW-Authenticate Basic $realm
> > >
> > > So the first request to /companyA, you AuthHandler will respond with:
> > >
> > > $r->header_out(WWW-Authenticate => 'Basic $realm); ## Sets Realm field
> > > $r->note_basic_auth_failure; ## Prompts for password
> > >
> > > The when a username and password are supplied i.e.
> > > ($ret,$password) = $r->get_basic_auth_pw;
> > >
> > > where $ret = 1;
> > >
> > > Then:
> > > 1. determine the AuthUserFile
> > > 2. use Apache::Htpasswd to check password
> > >
> > > -Carlos
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > > Todd Chapman wrote:
> > >
> > > > Problems with your suggestion:
> > > >
> > > > 1. The realm will not be known until I get path_info so
> > > > <Location></Location> directives will not work.
> > > >
> > > > 2. How can I get Perl to do the password lookup in the dynamically
> > > > selected AuthUserFile?
> > > >
> > > > Thanks for the help.
> > > >
> > > > -Todd
> > > >
> > > > On Wed, 27 Sep 2000, Carlos Ramirez wrote:
> > > >
> > > > > You can you use Location to specify seperate AuthUserFile's like so:
> > > > >
> > > > > <Location /companyA>
> > > > > AuthType Basic
> > > > > AuthName CompanyA
> > > > > AuthUserFile path/to/CompanyAUsersFile
> > > > >
> > > > > </Location>
> > > > > ....
> > > > > <Location /companyN>
> > > > > AuthType Basic
> > > > > AuthName CompanyN
> > > > > AuthUserFile path/to/CompanyNUsersFIle
> > > > > </Location>
> > > > >
> > > > >
> > > > > Or you can write your own AuthHandler that lookups up AuthName, AuthUserFile
> > > > > in a seperate file against the path_info. This will eliminate the need to
> > > > > flood you httpd.conf file with a bunch of <Location></Location> directives.
> > > > >
> > > > >
> > > > >
> > > > >
> > > > >
> > > > >
> > > > > Todd Chapman wrote:
> > > > >
> > > > > > I have read chapter 6 of the modperl book but still don't know how to set
> > > > > > up authenification the way I want. I would like to use Basic
> > > > > > authentification to protect virtual documents. The trick is that I want
> > > > > > to set AuthName and AuthUserFile based on path_info.
> > > > > >
> > > > > > For example:
> > > > > >
> > > > > > http://virtual/companyA/dir1
> > > > > >
> > > > > > would prompt for a password in the companyA realm and check it against the
> > > > > > appropriate AuthUserFile.
> > > > > >
> > > > > > How do I add this flexibility without reinventing the parts Apache already
> > > > > > does so well?
> > > > > >
> > > > > > Thanks.
> > > > > >
> > > > > > -Todd
> > > > >
> > > > > --
> > > > > -----------------------------------------------------------------------
> > > > > Carlos Ramirez + Boeing + Reusable Space Systems + 714.372.4181
> > > > > -----------------------------------------------------------------------
> > > > > - Someday I'll find that peer and reset his connection!
> > > > >
> > > > >
> > > > >
> > >
> > > --
> > > -----------------------------------------------------------------------
> > > Carlos Ramirez + Boeing + Reusable Space Systems + 714.372.4181
> > > -----------------------------------------------------------------------
> > > - Someday I'll find that peer and reset his connection!
> > >
> > >
> > >
>
> --
> -----------------------------------------------------------------------
> Carlos Ramirez + Boeing + Reusable Space Systems + 714.372.4181
> -----------------------------------------------------------------------
> - Someday I'll find that peer and reset his connection!
>
>
>
