Beefy Boxes and Bandwidth Generously Provided by pair Networks
Do you know where your variables are?
 
PerlMonks  

Re: Re: Apache AuthType problem

by Jonathan (Curate)
on Feb 21, 2001 at 21:28 UTC ( [id://59974]=note: print w/replies, xml ) Need Help??


in reply to Re: Apache AuthType problem
in thread Apache AuthType problem

Hmmm, not to sure I understand what you mean (One day I promise to stay awake long enough to read more than the first paragraph of the http specification). I've already got the $r->note_basic_auth_failure; call in the code
The code is very straightforward
sub handler { my $r = shift; my($res, $sent_pw) = $r->get_basic_auth_pw; return $res if $res != OK; my $user = $r->connection->user; unless($user and $sent_pw) { $r->note_basic_auth_failure; $r->log_reason("Both a username and password must be provided" +, $r->filename); return AUTH_REQUIRED; }
And at the end
return FORBIDDEN if ($encrypt_passwd ne $glas_password); # Got this far - guess we can let them in return OK; } 1; __END__

Replies are listed 'Best First'.
Re: Re: Re: Apache AuthType problem
by tomhukins (Curate) on Feb 21, 2001 at 21:38 UTC
    At the end where you have
    return FORBIDDEN if ($encrypt_passwd ne $glas_password);
    you should have
    if ($encrypt_passwd ne $glas_password) { $r->note_basic_auth_failure; $r->log_reason("Invalid password", $r->filename); return AUTH_REQUIRED; }

    Returning FORBIDDEN tells the client that their credentials are valid (ie. they entered a valid username/password combination) but that they aren't allowed to access this resource.

    I suggest you take a quick look at the difference between PerlAuthenHandler and PerlAuthzHandler. As I mentioned earlier in this thread, you shouldn't use FORBIDDEN in a PerlAuthenHandler.

    I know what you mean about the HTTP spec, I've been meaning to read it thoroughly for the past 6 years, but it's too scary :-)

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?
Node Status?
node history
Node Type: note [id://59974]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others surveying the Monastery: (3)
As of 2024-03-28 13:57 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found