[albany-pm] A login/logout Authentication Question

David Scott david at scottcreativeservices.com
Sat May 17 07:37:14 PDT 2008 

I have a directory auth/test.
It is .htaccess protected with a login and password.

I want the auth directory to have a login page where temporary access is 
granted to a person who authenticates using off-site authentication.
I want to take that approved person using Location: to the test 
directory already .htaccess authenticated. Once in, his browser will 
allow him to access any pages in the test directory without having to 
re-authenticate until the browser is closed. I know that if I either 
change .htaccess or remove the person from .htgroup any further attempts 
to access the test directory will result in .htaccess asking for a login 
and password.

I want .htaccess to allow anyone from an .htgroup file.
After logging in, I will add that person to the .htgroup file before 
taking him to the test directory. I want to temporarily allow that 
person to use the test directory then logout. At that time I will drop 
that person from .htgroup file. I will generate the passwords for the 
password file so the visitor never knows the real login/password he is 
using. Even if he does know it, I will change it for his next access.
This way, a group of people with different login's and passwords can 
access the test directory only as many times as my program allows.
.
I have tried LWP::UserAgent credentials() with no success. .htaccess 
just asks for a login and password when the person arrives at the test 
directory.

    #code snippet
    my $ua = new LWP::UserAgent(keep_alive=>1);
    $ua->credentials('secure.ourshoppingkart.com:443', 'Members Only', 
'davidscott', 'avocado'); I also tried port 80 and the DES encrypted 
password.

I have also tried  HTTP::Headers with the same result
.
    $uname = 'davidscott';
    $password = 'avocado'; # I also tried the DES encrypted version 
'avU2MAZFSWxuY'
    require HTTP::Headers;
    $h = HTTP::Headers->new;
    $h->www_authenticate;
    $h->authorization_basic($uname, $password);

I think what I need to do is create/set http header fields and values.
Remote_User, Remote_Password,WWW.Authenticate,and Keep_Alive.

Does anyone have any suggestions or know what I need to do to accomplish 
this?

Thanks,
David Scott

More information about the Albany-pm mailing list