Here's a simple handler that will set the AuthType and AuthName
dynamically and handle the authentication for you. This handler will
prompt you for a password when you try to acess /manual with the
AuthName, "The Manual" and prompt with the AuthName "The Icons" when you
try to access /icons.
On Wed, 27 Sep 2000, Todd Chapman wrote:
Problems with your suggestion:
1. The realm will not be known until I get path_info so
Location/Location directives will not work.
you can use $r-auth_name($realm) to set it at request time.
2. How can I get Perl to do the password lookup in
On Wed, 27 Sep 2000, Carlos Ramirez wrote:
my $authheader = 'Basic realm="'.$realm.'"';
$r-header_out("WWW-Authenticate" ,$authheader);
there's a cleaner way for that:
$r-auth_name($realm);
$r-note_basic_auth_failure;
$r-status(AUTH_REQUIRED);
no need for that.
Thanks for the help Doug. This is what I have now but all I get is a
segementation fault in the log.
Any ideas?
-Todd
package Apache::SetRealm;
## Usage: PerlHeaderParserHandler Apache::SetRealm
use strict;
use Apache::Constants qw(:common);
sub handler {
my $r = shift;
# find the
$r->auth_name($realm), $r->auth_type($basic) did not work for me, which
is why I used the $r->header_out method. Also, after I set the outgoing
header and returned AUTH_REQUIRED, I got prompted but the $realm did not
show. Instead it displayed 'unknown' as the realm name. But when I set
the
On Thu, 28 Sep 2000, Todd Chapman wrote:
Thanks for the help Doug. This is what I have now but all I get is a
segementation fault in the log.
$r-note_basic_auth_failure;
if AuthType is not set, this will core dump. i just expanded the change
that defaults AuthType to Basic for
On Thu, 28 Sep 2000, Carlos Ramirez wrote:
$r-auth_name($realm), $r-auth_type($basic) did not work for me, which
is why I used the $r-header_out method. Also, after I set the outgoing
header and returned AUTH_REQUIRED, I got prompted but the $realm did not
show. Instead it displayed
Thanks Doug but I (and my customer) don't want to live on the CVS bleeding
edge right now. Can you suggest something else?
Original problem:
I need to set the realm for virtual documents based on path_info and use
Basic authentication. Otherwise I may have to move to some cooie based
On Thu, 28 Sep 2000, Todd Chapman wrote:
Thanks Doug but I (and my customer) don't want to live on the CVS bleeding
edge right now. Can you suggest something else?
yeah, add this to httpd.conf:
AuthType Basic
Duh! Thanks.
Now, is there any way to determine the realm the browser thinks it's
authentication to? Is the realm stored in the Authorization header or any
other headers?
-Todd
On Thu, 28 Sep 2000, Doug MacEachern wrote:
On Thu, 28 Sep 2000, Todd Chapman wrote:
Thanks Doug but I (and
Todd Chapman [EMAIL PROTECTED] writes:
Duh! Thanks.
Now, is there any way to determine the realm the browser thinks it's
authentication to? Is the realm stored in the Authorization header or any
other headers?
I wouldn't try to use realms in any serious way- various browsers
do various
Problems with your suggestion:
1. The realm will not be known until I get path_info so
Location/Location directives will not work.
2. How can I get Perl to do the password lookup in the dynamically
selected AuthUserFile?
Thanks for the help.
-Todd
On Wed, 27 Sep 2000, Carlos Ramirez wrote:
1. Oh, I mis-interpreted your question. I thought you already had a list
of virtual directories with the
AuthNames defined.
You can set the AuthName by sending them in the server response header
field:
WWW-Authenticate Basic $realm
So the first request to /companyA, you AuthHandler will respond
Thanks for the help. I was hoping that Apache would check the password for
me but this should work.
Now, how do I get Apache to run my PerlAuthenHandler without setting the
AuthType or AuthName in httpd.conf?
Do I need to do the Authentication in a PerlHandler?
-Todd
On Wed, 27 Sep 2000,
By choosing to use your custom AuthHandler, you basically override Apache's
way of handling the particular phase, in this case the authentication phase.
So you must handle prompting the user and also checking the password.
You might want to read the Apache Guide (http://perl.apache.org/) on
how
Please explain again how to get my AuthHandler called without setting
AuthName or AuthType in httpd.conf.
Thanks.
-Todd
On Wed, 27 Sep 2000, Carlos Ramirez wrote:
By choosing to use your custom AuthHandler, you basically override Apache's way of
handling the particular phase, in this case
-Original Message-
From: Stas Bekman [mailto:[EMAIL PROTECTED]]
Sent: Monday, August 28, 2000 3:45 PM
To: Geoffrey Young
Cc: 'Frank Plunkett'; [EMAIL PROTECTED]
Subject: RE: PerlAuthenHandler invalid command
On Mon, 28 Aug 2000, Geoffrey Young wrote:
build mod_perl
-Original Message-
From: Frank Plunkett [mailto:[EMAIL PROTECTED]]
Sent: Monday, August 28, 2000 3:42 PM
To: [EMAIL PROTECTED]
Subject: Re: PerlAuthenHandler invalid command
Geoff
I did build with perl Makefile.PL PERL_AUTHEN=1
That was the first thing I thought also
I figured it out.
It was the dreaded permissions on the include directory.
thanks for the advise all.
Frank
-Original Message-
From: Frank Plunkett [mailto:[EMAIL PROTECTED]]
Sent: Monday, August 28, 2000 3:42 PM
To: [EMAIL PROTECTED]
Subject: Re: PerlAuthenHandler invalid
build mod_perl with
perl Makefile.PL EVERTHING=1
or PERL_AUTHEN=1
HTH
--Geoff
-Original Message-
From: Frank Plunkett [mailto:[EMAIL PROTECTED]]
Sent: Monday, August 28, 2000 3:31 PM
To: [EMAIL PROTECTED]
Subject: PerlAuthenHandler invalid command
Hi modperites,
Subject: RE: PerlAuthenHandler invalid command
build mod_perl with
perl Makefile.PL EVERTHING=1
or PERL_AUTHEN=1
HTH
--Geoff
-Original Message-
From: Frank Plunkett [mailto:[EMAIL PROTECTED]]
Sent: Monday, August 28, 2000 3:31 PM
To: [EMAIL PROTECTED]
Subject: PerlAuthenHandler invalid
On Mon, 28 Aug 2000, Geoffrey Young wrote:
build mod_perl with
perl Makefile.PL EVERTHING=1
or PERL_AUTHEN=1
EVERYTHING=1 of course :)
I don't think MakeMaker uses Soundex module yet :)
HTH
--Geoff
-Original Message-
From: Frank Plunkett [mailto:[EMAIL PROTECTED]]
Plunkett' [EMAIL PROTECTED]; [EMAIL PROTECTED]
[EMAIL PROTECTED]
Date: Monday, August 28, 2000 3:40 PM
Subject: RE: PerlAuthenHandler invalid command
build mod_perl with
perl Makefile.PL EVERTHING=1
or PERL_AUTHEN=1
HTH
--Geoff
-Original Message-
From: Frank Plunkett
[ previous discussion snipped ]
httpd.conf or .htaccess (PerlModule hasta be in httpd.conf,
from my experience)--
PerlAccessHandler My::Auth::access_handler
PerlSetVar Intranet "10.10.10.1 = userA, 10.10.10.2 = userB"
PerlAuthenHandler My::Auth::authen_handler
Stas Bekman replied:
Argh, I wish I could always test every addition I have in the guide, some
code goes untested as it was posted to the mod_perl or contributed by
someone else. Then people come and use it, if something is wrong they send
me a patch I fix it. I guess this is a similar
SO -- Stas, here's a coupla extra tweaks i think you should
make so that cut/paste newbies (unlike me, of course) will
have an easier time with this particular example on the next
iteration:
It's corrected in the guide's cvs version! Thanks Will!
i canna get the PerlAuthenHandler to do ANYTHING. first
line of code after $r = shift is $r-warn() but nothing
shows up in the log. aaugh!
i copied the sample code from 'illustrated security scenarios'
at http://perl.apache.org/guide/security.html nearly verbatim,
(cut paste + munge)
i canna get the PerlAuthenHandler to do ANYTHING. first
line of code after $r = shift is $r-warn() but nothing
shows up in the log. aaugh!
[snip]
Location /auth
PerlAccessHandler Serensoft::Auth::access_handler
PerlSetVar Intranet "this = that"
thanks for your posts, guys!
Eric Cholet replied:
i copied the sample code from 'illustrated security scenarios'
at http://perl.apache.org/guide/security.html nearly verbatim,
(cut paste + munge) changed '(*PASSED*)' to a simple test
(moot, at this point) and inserted a few $r-warn("")
On Fri, 18 Aug 2000, will trillich wrote:
thanks for your posts, guys!
Eric Cholet replied:
i copied the sample code from 'illustrated security scenarios'
at http://perl.apache.org/guide/security.html nearly verbatim,
(cut paste + munge) changed '(*PASSED*)' to a simple test
On Wed, 21 Jun 2000, J. J. Horner wrote:
For that reason, my handler can't rely on browsers to behave during the
Authentication phase. I am going to have to find a way to force a user to
input his password into the browser not using standard HTTP response
codes.
Could you elaborate on that
When you installed mod_perl on the Stronghold server, did you indicate that
you wanted to install support for perl authentication handlers? (I think
adding PERL_AUTHEN=1 to the "perl Makefile.PL" command is the way to do
this.) Sorry to be so vague, but since I use "EVERYTHING=1" I really have
32 matches
Mail list logo