APM: two part auth in CGI on Apache
jeremyb at univista.com
jeremyb at univista.com
Mon Apr 14 22:15:28 CDT 2003
Perlites,
I have a dir called content/ in a protected realm called owapi/ on my
test Apache server.
The content in content/ is regenerated every two minute by owapi.pl.
Thus, the content can be served using Location: redirects to
/content/stuff.html from the owapi.pl instead of having owapi.pl
generate all the content on the fly. Users must authenticate themselves
with a username and password prior to recieving the redirect.
Furthermore, the interface used for authentication must be portable to
WAP devices. That means that the pop-up authentication Apache uses on
protected realms is out because it's too cumbersome for WAP. Given that
stipulation, the authentication interface I'm using is a simple form
that uses owapi.pl and it's internal auth mechanism to check param(
username ) and param( password ) against and list of users and
passwords. The same form is displayed in wml or html depending what
Apache thinks your User-Agent is.
The problem I'm anticipating, though I'm not there yet, is that once
joeblow has authenticated using owapi.pl via the simple form, he may run
into trouble when owapi.pl redirects his browser to a relative url like
/content/stuff.html in the protected realm. He'll probably
get another login prompt from Apache. This doesn't make for a pleasant
user experience.
I could get away with having owapi.pl render all the content and use no
redirects but the
traffic on this server will be very high and I want to minimize CGI run
time as much as possible.
==Now, here's my question==
To avoid getting the second login prompt from Apache upon redirect to a
file in the protected
realm, is it possible to use the values of param() to have owapi.pl
authenticate to
Apache on joeblow's behalf?
============================
thanks in advance,
Jeremy
More information about the Austin
mailing list