Maybe, I'm missing something. I was talking about needing to change apache,
but I decided to try something else.
I've got this:
FilesMatch .*[^(login.php|logout.php)]
AuthType Digest
AuthName account
AuthUserFile /home/path/public_html/account/.htpasswd
Require user admin
@httpd.apache.org
Subject: mod_auth_digest amiss
Maybe, I'm missing something. I was talking about needing to change
apache,
but I decided to try something else.
I've got this:
FilesMatch .*[^(login.php|logout.php)]
AuthType Digest
AuthName account
AuthUserFile /home/path
Am I mistaken in thinking I should not be logged in as admin? Or that
there
is someway to force this to happen?
This is just your browser using stored credentials. It doesn't know
the significance of your logout user.
--
Eric Covener
cove...@gmail.com
Maybe, if I'm a little clearer someone might be able to point in the right
direction. I don't think I need to modify mod_auth_digest, but another
apache module.
What I have is a person login into htaccess using ajax. The file they
access has htaccess require valid-user.
The first time they log
I'm going to check the versions of apache on the machines, but on my server
when I try to login via ajax, the new user gets logged in.
On my client's mod_auth_digest loops through the previous connections,
returns that authentication and does not log the user in.
Are there some flags
Does anyone know?
After a browser calls a page authenticated with mod_auth_digest, what
function or hook is called the next time the page is accessed.
I figure it has to authenticate each time, but it's probably using a short
cut to reauthenticate. I want to intervene but I'm not sure what's
Reply. I put print statements in the mod_auth_digest file to see values.
I didn't see subsequent call, but I forgot to check the timestamps.
I'll look again.
Thanks.
Margaret Michele Waldman
Sovereign Sites L.L.C.
Website Development
646-861-3375
Rule your domain ...
-Original Message
, I'm going
to see if I can force reauthentication in this case.
As you may remember, I modified mod_auth_digest to authenticate against
mysql.
If this works then I can get Rest Based Authentication to work for Safari
and Chrome. I probably won't work tonight, so hopefully I'll know by
tomorrow
Lol. I'm using the proper syntax on the server. Just checked.
-Original Message-
From: Eric Covener [mailto:cove...@gmail.com]
Sent: Thursday, February 12, 2009 2:49 PM
To: modules-dev@httpd.apache.org
Subject: Re: Making mod_auth_digest mysql
On Thu, Feb 12, 2009 at 2:25 PM, Michele
On Thu, Feb 12, 2009 at 3:27 PM, Michele Waldman mmwald...@nyc.rr.com wrote:
RewriteCond ${REMOTE_USER} . does not seem to work when the REMOTE_USER is
not defined. The statement evaluates to true.
What happens when you use the proper syntax, %{REMOTE_USER}?
Lol. I'm using the proper
-
From: Michele Waldman [mailto:mmwald...@nyc.rr.com]
Sent: Thursday, February 12, 2009 3:28 PM
To: modules-dev@httpd.apache.org
Subject: RE: Making mod_auth_digest mysql
Lol. I'm using the proper syntax on the server. Just checked.
-Original Message-
From: Eric Covener [mailto:cove
On Thu, Feb 12, 2009 at 3:44 PM, Michele Waldman mmwald...@nyc.rr.com wrote:
Basically, when I user is logged out, %{REMOTE_USER} is not defined. It
seems any rewritecode using an undefined server environment variable always
evaluates to true. I don't want this. I want false if not defined.
On Thu, Feb 12, 2009 at 3:49 PM, Michele Waldman mmwald...@nyc.rr.com wrote:
I'm doing this:
RewriteEngine On
RewriteCond %{REMOTE_USER} .
RewriteRule ^.*$ - [S=1]
RewriteRule ^.*$ http://domain/logged_out.html?%{N} [R]
AuthType Digest
AuthName account
AuthUserFile /path/.htpasswd
Michele Waldman wrote:
I'm doing this:
RewriteEngine On
RewriteCond %{REMOTE_USER} .
RewriteRule ^.*$ - [S=1]
RewriteRule ^.*$ http://domain/logged_out.html?%{N} [R]
AuthType Digest
AuthName account
AuthUserFile /path/.htpasswd
Require valid-user
1) The user is logged in.
2) The user logs
There is not authentication requirement for logged_out it's in a higher
directory.
-Original Message-
From: Joe Lewis [mailto:j...@joe-lewis.com]
Sent: Thursday, February 12, 2009 4:46 PM
To: modules-dev@httpd.apache.org
Subject: Re: Making mod_auth_digest mysql
Michele Waldman wrote
Michele Waldman wrote:
There is not authentication requirement for logged_out it's in a higher
directory.
Okay, then. I'm afraid I am not understanding everything here. I doubt
the wheel needs to be reimplemented, but it seems the push is in that
direction. For my feeble mind, can you
It is different that just authenticating.
Due to an htaccess authentication implementation, it requires a work around
to prevent those pesky popups the browsers produce.
I'm trying to do a spin on this:
http://www.berenddeboer.net/rest/authentication.html
Implementing the mod_auth_digest
Michele Waldman wrote:
All the actual authentication if fine. I wouldn't rely on cookies for
security. It sounds like cookies would be a fake security.
I was thinking about creating a logout cookie.
Then, the popup would only happen if the user hacked their cookies.
Shame on them.
But it
I don't drink that frequently, but when I do I get chatty, even on the
computer.
-Original Message-
From: Ray Morris [mailto:supp...@bettercgi.com]
Sent: Sunday, February 08, 2009 8:00 PM
To: modules-dev@httpd.apache.org
Subject: Re: Making mod_auth_digest mysql
Sorry, about
evaluate to true?
Michele
-Original Message-
From: Dave Ingram [mailto:d...@dmi.me.uk]
Sent: Friday, February 06, 2009 5:55 AM
To: modules-dev@httpd.apache.org
Subject: Re: Making mod_auth_digest mysql
The -f and -d flags for RewriteCond are for checking the file system,
not environment
On Fri, Feb 6, 2009 at 8:49 AM, Michele Waldman mmwald...@nyc.rr.com wrote:
I mean to check server environment variables which is what REMOTE_USER is.
This might be better off on us...@httpd.apache.org
I just want to know if the variable is defined on the server then I could do
this:
The -f and -d flags for RewriteCond are for checking the file system,
not environment variables, although they can use environment variables
if necessary. For example:
RewriteCond %{DOCUMENT_ROOT}/%{ENV:foo} -d
would check that the folder named by the environment variable foo
exists in the
2009/2/1 Michele Waldman mmwald...@nyc.rr.com:
The userlist (http://httpd.apache.org/userslist.html) might be a
better place, but...
I want to do the following in htaccess for account security:
FilesMatch .*[^(wp_login.php|logout.php)]
That would not do what it should do. [^...] is a negated
23 matches
Mail list logo