APM: two part auth in CGI on Apache

jeremyb at univista.com
Mon Apr 14 18:23:05 CDT 2003


Perlites,

  I have a dir called content/ in a protected realm called owapi/ on my test
Apache server.
The content in content/ is regenerated every two minutes by owapi.pl. Thus,
the content can be served using Location: redirects to /content/stuff.html
from the owapi.pl instead of having owapi.pl generate all the content on the
fly.  Users must authenticate themselves with a username and password prior
to receiving the redirect.  Furthermore, the interface used for
authentication must be portable to WAP devices.  That means that the pop-up
authentication Apache uses on protected realms is out because it's too
cumbersome for WAP.  Given that stipulation, the authentication interface
I'm using is a simple form that uses owapi.pl and its internal auth
mechanism to check param( username ) and param( password ) against a list
of users and passwords.  The same form is displayed in wml or html depending
on what Apache thinks your User-Agent is.

The problem I'm anticipating, though I'm not there yet, is that once joeblow
has authenticated using owapi.pl via the simple form, he may run into
trouble when owapi.pl redirects his browser to a relative url like
/content/stuff.html in the protected realm.  He'll probably
get another login prompt from Apache.  This doesn't make for a pleasant user
experience.

I could get away with having owapi.pl render all the content and use no
redirects but the traffic on this server will be very high and I want to
minimize CGI run time as much as possible.
 
==Now,  here's my question==
To avoid getting the second login prompt from Apache upon redirect to a file
in the protected realm, is it possible to use the values of param() to have
owapi.pl authenticate to Apache on joeblow's behalf?
============================   


thanks in advance,
  Jeremy



