Re: [users@httpd] Modifying environment variables passed to CGI's.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 10/4/06, Jason Lingel <gdwfkd@xxxxxxxxx> wrote:

Thanks for your help.  It pointed me in the right direction, though it still
doesn't quite work.  Here are the entries I made in my httpd.conf:

RewriteLog /opt/asn/logs/rewrite.log
RewriteLogLevel 5
RewriteCond %{LA-U:REMOTE_USER} ^(.*)@ COMPANY.COM$
RewriteRule /.* - [E=REMOTE_USER:%1]


My intent is to modify the REMOTE_USER variable to drop the Kerberos Realm
name.  This seems to work correctly from the apache log entry:

 10.1.12.70 - - [04/Oct/2006:13:48:45 --0700]
[server1.company.com/sid#81ec8][rid#16c660/initial] (5)
lookahead: path=/oasis/preproduction/htdocs/gifs/oasis-
home.gif var=REMOTE_USER -> val=gdwfkd@xxxxxxxxxxx
10.1.12.70 - - [04/Oct/2006:13:48:45 --0700] [
server1.company.com/sid#81ec8][rid#16c660/initial] (4)
RewriteCond: input='gdwfkd@xxxxxxxxxxx' pattern='^(.*)@COMPANY.COM$' =>
matched
10.1.12.70 - - [04/Oct/2006:13:48:45 --0700]
[server1.company.com/sid#81ec8][rid#16c660/initial] (5)
setting env variable 'REMOTE_USER' to 'gdwfkd'

but the variable that gets passed to the CGI script still has the realm name
append to it.


The standard environment variables are set by apache immediately
before calling the CGI script and they can't be overridden.  If you
really need this, the only alternatives I know are:

1. Modify the module that is doing the authentication to set the
internal REMOTE_USER (actually, the apache internal variable that
later will be used to set the env variable REMOTE_USER) to the value
you want.

2. Instead of directly calling your cgi script, call another script
that simply resets the environment and then calls the main script.
This will cost you an extra process invocation for every request, of
course.

Joshua.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
  "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux