What I have problems with is how to propagate authentication information (REMOTE_USER, AUTH_TYPE, and possibly some SSL specific data) to the httpd that is "protected" by the reverse proxy. Ideally, I would like a setup in which the http/application server behind the proxy behaves as if it had performed HTTP Basic Authentication itself. This way, any kind of dynamic application (cgi, php, tomcat, zope, twisted, etc.) would be able to use its standard authentication APIs. Ideally, I would like to find an approach that works with various kinds of http daemons or at least one that requires only simple interventions on the httpds (i.e., better configuration than a custom module that has to be written for any type of httpd).
I have made initial experiments using RequestHeader (from mod-headers) to propagate the info. But I currently don't manage to access the REMOTE_USER environment variable on the proxy (RequestHeader add PropagatedRemoteUser "%{REMOTE_USER}e" fails to propagate any value). Also, I don't know whether it is possible to use mod-headers on the "protected" httpd (assuming it is Apache) to copy this propagated value to REMOTE_USER. But probably there are better approaches in the first place.
many thanks in advance for any input and guidance kind regards -bud -------------------------------------------------------------------------------------------------Ing. Bud P. Bruegger, Ph.D. +39-0564-488577 (voice), -21139 (fax)
Servizio Elaborazione Dati e-mail: bud@xxxxxxxxxxxxxxxxxxComune di Grosseto http://www.comune.grosseto.it/cie/ Via Ginori, 43 http://OpenPortalGuard.sf.net
58100 Grosseto (Tuscany, Italy) jabber: bud@xxxxxxxxxxxxx Free Software in Public Administration: not just a good idea, but a necessityPerfection is attained, not when there is nothing more to be added, but when there is nothing more to be taken away -- Antoine de Saint-Exupery
--------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx