On 8/3/07, apache.org@xxxxxxxxxxx <apache.org@xxxxxxxxxxx> wrote:
> Hi,
>
> Authentication is configured by PHP; it sends the browser the required
> headers in order to provide authentication:
> header("WWW-Authenticate: Basic realm=\"Realm\"");
> header("HTTP/1.0 401 Unauthorized");
>
> For the CGI, it is called in the Apache conf as follows:
> AddHandler cgi-php5 .php5 .php
> Action cgi-php5 /php5/php5-cgi
> SuexecUserGroup <existing_user> users
>
> where /php5/php5-cgi is the compiled CGI PHP executable and
> <existing_user> is a non-privileged user of the unix system.
> So the PHP (CGI) script is executed with <existing_user> privilege.
>
> The authentication mechanism is OK, I log in to the CGI script
> perfectly with credential titi:toto but Apache's logs don't indicate titi
> as %<u (LogFormat)

Ok, that's because apache never authenticates the user, so there is no user to speak of as far as apache is concerned. Normally you aren't even allowed to do authentication in cgi scripts (unless you use SECURITY_HOLE_PASS_AUTHORIZATION when compiling), since anyone else with an account on the same box could steal the password out of the environment. You are getting around that with some mod_rewrite trickery.

If you really need the userid in the logs, then the only way to get it will be to have your CGI script supply it, since your CGI script is doing the auth work. One way to do that would be to have your CGI script send an additional response header containing the userid and then log that response header. So, for example, your CGI script could write

X-Auth-User: userid

and then you could include

%{X-Auth-User}o

in your log format string. (Then you could use Header unset to get rid of it before it went to the client if you want. But that isn't strictly necessary since the userid isn't normally confidential.)

Joshua.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
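The approach described in the reply above, as an added example that is not part of the original thread: a PHP CGI script that does its own Basic authentication and reports the authenticated userid to Apache in an `X-Auth-User` response header. The `HTTP_AUTHORIZATION` variable name, the `$users` table, the helper function names and the `cgiauth` log format nickname are assumptions made for illustration.

```php
<?php
// Added example, not code from the thread.
// Assumption: the rewrite rule mentioned in the thread exposes the raw
// Authorization request header to the CGI as HTTP_AUTHORIZATION.

// Constructed demo account (titi:toto, the credential named in the thread).
// A real script would load stored hashes instead of hashing on each request.
$users = ['titi' => password_hash('toto', PASSWORD_DEFAULT)];

// Parse "Basic <base64(user:password)>" into [user, password], or null.
function basic_credentials(array $server): ?array
{
    $raw = $server['HTTP_AUTHORIZATION'] ?? '';
    if (!preg_match('/^Basic\s+([A-Za-z0-9+\/=]+)$/i', $raw, $m)) {
        return null;
    }
    $decoded = base64_decode($m[1], true);
    if ($decoded === false || strpos($decoded, ':') === false) {
        return null;
    }
    return explode(':', $decoded, 2);
}

// The userid is client-supplied text: keep only characters that cannot
// break a header line (CR/LF) or forge an extra field in the access log.
function log_safe_userid(string $user): string
{
    return preg_replace('/[^A-Za-z0-9._@-]/', '_', $user);
}

$creds = basic_credentials($_SERVER);
if ($creds === null
    || !isset($users[$creds[0]])
    || !password_verify($creds[1], $users[$creds[0]])) {
    header('WWW-Authenticate: Basic realm="Realm"');
    header('HTTP/1.0 401 Unauthorized');
    exit("Authentication required\n");
}

// Only sent after a successful check, so the log field is empty ("-")
// for unauthenticated requests.
header('X-Auth-User: ' . log_safe_userid($creds[0]));
echo "Hello, authenticated user\n";

// Matching Apache configuration (the nickname "cgiauth" is an assumption):
//   LogFormat "%h %l %{X-Auth-User}o %t \"%r\" %>s %b" cgiauth
//   CustomLog logs/access_log cgiauth
```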