Hi, I've encountered an issue where after configuring Digest auth as described here http://code.google.com/p/modwsgi/wiki/AccessControlMechanisms, the authentication function get_realm_hash is not invoked unless in the apache config you set "Require valid-user". If I do include this directive, and my auth function doesn't find a matching user, apache immediately sends a 401 to the client. What I want it to do is to continue with the request and invoke the wsgi app. I would then use authorization code downstream to determine what can and can't be accessed.
For anyone familiar with how repoze.who works for example, it can happily find no matching user during the authentication step, and let your downstream authorizers handle that. This digest thing is semi temporary, but I'm curious if this can be considered a bug, or if I'm misunderstanding apache's mod_auth_digest somehow. Seems like "Require valid-user" shouldn't be required for the authentication function to be called. If there is no easy work around, I'll have to implement digest within repoze.who, which currently only has basic auth from what I see. Thankfully AuthKit has a complete reference python implementation. Nikita -- You received this message because you are subscribed to the Google Groups "modwsgi" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/modwsgi?hl=en.
