The existing policy allows you to change the environ value name.  See
"environ_key" within
http://docs.repoze.org/bfg/1.3/zcml/remoteuserauthenticationpolicy.html
(or within the constructor of the policy object itself).  The default is
REMOTE_USER.  Use HTTP_X_FORWARDED_USER instead.

- C

On Mon, 2010-09-20 at 18:17 +0100, Chris Withers wrote:
> Hi All,
> 
> I was wondering if one of these existed already so thought I'd ask here 
> before I wrote one...
> 
> So, we have a front end server running Apache, on Windows, doing NTLM 
> auth (yay! go suckiness!). It proxies requests through to one of our 
> back end servers, setting a header in the process:
> 
> <Proxy *>
>     Order deny,allow
>     Allow from all
>     RewriteEngine On
>     RewriteCond %{LA-U:REMOTE_USER} (.+)
>     RewriteRule . - [E=RU:%1]
>     RequestHeader set X-Forwarded-User %{RU}e
> </Proxy>
> 
> So, I need to turn the 'X-Forwarded-User' request header into the BFG 
> user id. Anyone done an authentication policy that does this yet?
> 
> cheers,
> 
> Chris
> 
> PS: Yes, this would be insecure, were the backend servers not all 
> firewalled off to only accept requests from the front end ;-)
> _______________________________________________
> Repoze-dev mailing list
> Repoze-dev@lists.repoze.org
> http://lists.repoze.org/listinfo/repoze-dev
> 
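An added example, not part of the original thread and not repoze.bfg code: a WSGI filter in front of the application that keeps `HTTP_X_FORWARDED_USER` (the WSGI environ name of the `X-Forwarded-User` header) only when the request comes from the front end, so a policy configured with that `environ_key` never reads a client-supplied value. The names `TrustedProxyUserFilter`, `userid_from_environ`, `demo_app` and `call` are hypothetical, the addresses are constructed, and treating `(null)` as "no user" assumes that is what the front end sends when `RU` is unset.

```python
# Added example: only trust X-Forwarded-User when it comes from the proxy.
ENVIRON_KEY = "HTTP_X_FORWARDED_USER"   # WSGI name of the X-Forwarded-User header


class TrustedProxyUserFilter(object):
    """Drop the forwarded-user header unless the peer is a known front end."""

    def __init__(self, app, trusted_proxies, environ_key=ENVIRON_KEY):
        self.app = app
        self.trusted = frozenset(trusted_proxies)
        self.environ_key = environ_key

    def __call__(self, environ, start_response):
        value = environ.get(self.environ_key, "").strip()
        peer = environ.get("REMOTE_ADDR")
        # Assumption: "(null)" is what the front end sends when RU is unset.
        if peer not in self.trusted or value in ("", "(null)"):
            environ.pop(self.environ_key, None)
        else:
            environ[self.environ_key] = value
        return self.app(environ, start_response)


def userid_from_environ(environ, environ_key=ENVIRON_KEY):
    """Stand-in for the policy lookup: the user id is the environ value."""
    return environ.get(environ_key)


def demo_app(environ, start_response):
    """Constructed app that reports the user id the policy would see."""
    userid = userid_from_environ(environ)
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [("user=%s" % userid).encode("utf-8")]


def call(app, remote_addr, forwarded_user=None):
    """Run one constructed request through the app and return the body."""
    environ = {"REQUEST_METHOD": "GET", "PATH_INFO": "/", "REMOTE_ADDR": remote_addr}
    if forwarded_user is not None:
        environ[ENVIRON_KEY] = forwarded_user
    return b"".join(app(environ, lambda status, headers: None))


# 192.0.2.10 is a constructed address standing in for the Apache front end.
app = TrustedProxyUserFilter(demo_app, trusted_proxies=["192.0.2.10"])

if __name__ == "__main__":
    print(call(app, "192.0.2.10", "DOMAIN\\chris"))    # from the front end
    print(call(app, "198.51.100.7", "DOMAIN\\admin"))  # direct, header dropped
```

The filter complements the firewall rule mentioned in the original message rather than replacing it, since `REMOTE_ADDR` is only meaningful when the backend is reached directly by the front end.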

