Peter Schober wrote:
* André Warnier <aw@xxxxxxxxxx> [2009-05-11 19:24]:in all kinds of applications that can run under Apache, to obtain a user-id ? The answer is basically no, because Apache (and HTTP) do not define such a standard mechanism.Support for REMOTE_USER is not so bad, I'd say.
Well, REMOTE_USER is a cgi environment variable. It is only set for applications that run as cgi-bin's.
Without being absolutely certain, I would assume that any of the standard mod_auth* modules supplied with Apache would, after authentication, set the user-id into some field of the internal Apache request record.
So theoretically (if it was set), any program/module running under Apache /could/ obtain this authenticated user-id from Apache, by reading it from this internal request record, presuming they had an interface to do so.
The question is, do they ?The question is also, do all of these other add-on authentication modules set this same field in the internal Apache record ?
They are certainly not obliged to by any RFC I've read. --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|