[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Q]: WWW authentication




Hello folks,

Well, after all those 'Microsoft Hebrew' flamewars, let's talk about
something practical... ;)

I've got a question about Apache authentication configuration. There
are a number of sripts which I want to be run only by certain people.
After doing some reading, I came up with the following scheme:

1. I've created a directory /home/httpd/cgi-priv
2. Introduced it to srm.conf:

   ScriptAlias /cgi-priv/ /home/httpd/cgi-priv/

3. Put the following directives into access.conf:

   <Directory /home/httpd/cgi-priv>
   AllowOverride None
   Options ExecCGI
   AuthType Basic
   AuthUserFile /home/httpd/etc/cgi-priv.htpasswd
   </Directory>

4. Created the file /home/httpd/etc/cgi-priv.htpasswd and put a couple
   of name:password pairs in it with 'htpasswd'.
5. Put the scripts in cgi-priv
6. Restarted the httpd.

However, whenever I request some script from cgi-priv, the server just
gives it to me wihout even trying to perform any kind of
authentication.

So, what have I missed? What magic word should I add to make the
authentication work?


And another question: I want to obtain a login name of a user running
some script without making him enter such a name. You know, something
analogous to the 'From:' field in SMTP... Yes, I realize it's not
gonna be authorative and it is easy to fool the server with something
special cooked. But still, how can I get such information?

In CGI.pm there is a method user_name() which is supposed to return
something similar, but in my case it just returns an empty string...

Thanks in advance,

PS. The configuration is:
	Linux 2.0.33
	RedHat 5.0
	Apache 1.2.5-1

-- 
Alexander L. Belikoff
Bloomberg LP / BFM Financial Research Ltd.
abel@bfr.co.il