[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Q]: WWW authentication
Hello folks,
Well, after all those 'Microsoft Hebrew' flamewars, let's talk about
something practical... ;)
I've got a question about Apache authentication configuration. There
are a number of sripts which I want to be run only by certain people.
After doing some reading, I came up with the following scheme:
1. I've created a directory /home/httpd/cgi-priv
2. Introduced it to srm.conf:
ScriptAlias /cgi-priv/ /home/httpd/cgi-priv/
3. Put the following directives into access.conf:
<Directory /home/httpd/cgi-priv>
AllowOverride None
Options ExecCGI
AuthType Basic
AuthUserFile /home/httpd/etc/cgi-priv.htpasswd
</Directory>
4. Created the file /home/httpd/etc/cgi-priv.htpasswd and put a couple
of name:password pairs in it with 'htpasswd'.
5. Put the scripts in cgi-priv
6. Restarted the httpd.
However, whenever I request some script from cgi-priv, the server just
gives it to me wihout even trying to perform any kind of
authentication.
So, what have I missed? What magic word should I add to make the
authentication work?
And another question: I want to obtain a login name of a user running
some script without making him enter such a name. You know, something
analogous to the 'From:' field in SMTP... Yes, I realize it's not
gonna be authorative and it is easy to fool the server with something
special cooked. But still, how can I get such information?
In CGI.pm there is a method user_name() which is supposed to return
something similar, but in my case it just returns an empty string...
Thanks in advance,
PS. The configuration is:
Linux 2.0.33
RedHat 5.0
Apache 1.2.5-1
--
Alexander L. Belikoff
Bloomberg LP / BFM Financial Research Ltd.
abel@bfr.co.il