Stuart Jansen wrote: > I'm using Apache 2.0.48, mod_perl 1.99_12, and Apache::AuthCookie to > create a custom authentication scheme. I've noticed that while apache > normally logs the $REMOTE_USER, it doesn't log it when accessing PHP > pages. The pages are still correctly protected.
the way these environment variables work is that if a module (mod_php, mod_perl, mod_cgi) wants them visible to users they call a few core Apache APIs (ap_add_common_vars and ap_add_cgi_vars) to generate them in the subprocess_env table. it's then further up to the individual module to make the contents of that table visible to the environment. mod_cgi uses another core Apache call, while mod_perl does it manually. I can see the call to ap_add_common_vars() in the php code, which is the core API that populates REMOTE_USER in the environment, provided r->user was previously set (generally by a call to get_basic_auth_pw, which Apache::AuthCookie does). are other variables, such as DOCUMENT_ROOT or SERVER_ADMIN present? if this were mod_perl, you would need to use PerlOptions +SetupEnv in your httpd.conf to make the variables visible. I'm not php savvy - is there an option you're missing someplace? > At first I thought > $_SERVER["REMOTE_USER"] wasn't always being populated by PHP, but it > looks like that is working. However, $PHP_AUTH_USER isn't getting set. I > suspect that Apache logging and $PHP_AUTH_USER are related issues. At > work, we currently use a proprietary Apache 2 authentication module that > successfully logs the user and populates $PHP_AUTH_USER, so I know it > can be done. Would it be possible to modify mod_perl and/or > Apache::AuthCookie to do the same? well, you mean have Apache::AuthCookie populate PHP_AUTH_USER? probably not, since it's rather PHP specific :) > > I've done alot of googling, but I haven't been able to find mention of > my problem. Is this an known issue? If so, what is the solution? > > I've only been using mod_perl about a week, but I'm loving it so far. > Amazing stuff. > indeed. you've reached the point of no return now. HTH --Geoff -- Reporting bugs: http://perl.apache.org/bugs/ Mail list info: http://perl.apache.org/maillist/modperl.html