63 lines
2.1 KiB
Plaintext
63 lines
2.1 KiB
Plaintext
From: scrompton at quantisci.co.uk (Stephen Crompton)
|
|
Date: Fri, 16 Apr 1999 12:28:30 +0100
|
|
Subject: HTML Authentication with Python
|
|
References: <7f5iru$rlm@news.acns.nwu.edu> <14102.27498.772779.5941@bitdiddle.cnri.reston.va.us> <7f6577$8kp@news.acns.nwu.edu>
|
|
Message-ID: <37171EDE.9DFD027A@quantisci.co.uk>
|
|
Content-Length: 1757
|
|
X-UID: 1371
|
|
|
|
Matthew T Lineen wrote:
|
|
|
|
> Jeremy Hylton (jeremy at cnri.reston.va.us) wrote:
|
|
> > If you configure the server properly, users won't be able to run your
|
|
> > CGI scripts until the server has checked their username and password.
|
|
>
|
|
> Actually, I want the script to run because it pulls the "REMOTE_USER" key
|
|
> and populates a field in a form. If I knew that authentication through the
|
|
> server would allow me to pull this key, I wouldn't be authenticating through
|
|
> the script. Maybe the question / issue is that I don't understand the use
|
|
> of the REMOTE_USER key.
|
|
|
|
|
|
I think that is the issue here. The previous poster is correct, but it needs a
|
|
little explaining. If you set up a web-server with no authentication then
|
|
environ['REMOTE_USER'] is not set. The 'REMOTE_USER' environment variable is
|
|
set after client-server authentication has been performed. Basically it works
|
|
as follows
|
|
|
|
The user ask for a URL
|
|
|
|
..../name.cgi
|
|
|
|
The server sees that authentication is required and sends back a 401 error.
|
|
|
|
The client receives this a pops up an authentication window.
|
|
|
|
The user enters their details and the request is passed back to the server with
|
|
the Authorization information in plain text (well base64) in the header.
|
|
|
|
If this information is accurate (userid and password match) then the server
|
|
sets the environ['REMOTE_USER'] to the userid.
|
|
|
|
This is all that is passed to the cgi script, so all you have to do is set up
|
|
the web server correctly and then use the value of REMOTE_USER in your script.
|
|
|
|
Any further requests to a URL which is part of the same path (ie.
|
|
.../name.cgi/0/30/1?dothis) results in the client sending back the
|
|
Authorization header each time stopping the authentication window repeatedly
|
|
popping up.
|
|
|
|
Hope this helps.
|
|
|
|
Steve.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|