For the first option, the change can be from (line 1230 onwards of yaws_config.erl):

['<', "/auth", '>'] ->
            Pam = Auth#auth.pam,
            Users = Auth#auth.users,
            Realm = Auth#auth.realm,
            A2 =  case {Pam, Users} of
                    {false, []} ->
                         Auth;
                      _ ->
                          H = Auth#auth.headers ++ yaws:make_www_authenticate_header({realm, Realm}),
                          Auth#auth{headers = H}
                  end,
            C2 = C#sconf{authdirs = [A2|C#sconf.authdirs]},
            fload(FD, server, GC, C2, Cs, Lno+1, Next);

to

['<', "/auth", '>'] ->
            Pam = Auth#auth.pam,
            Users = Auth#auth.users,
            Realm = Auth#auth.realm,
            A2 =  case {Pam, Users} of
                    {false, []} ->
                          case Auth#auth.headers of
                              [] ->
                                  if
                                      is_atom(Auth#auth.mod) ->
                                          Auth#auth{headers = yaws:make_www_authenticate_header({realm, Realm})};
                                      true ->
                                          Auth
                                  end;
                              _ ->
                                  Auth
                          end;
                      _ ->
                          H = Auth#auth.headers ++ yaws:make_www_authenticate_header({realm, Realm}),
                          Auth#auth{headers = H}
                  end,
            C2 = C#sconf{authdirs = [A2|C#sconf.authdirs]},
            fload(FD, server, GC, C2, Cs, Lno+1, Next);

Thanks,

Di, Yu
11.17


From: Yu Di <diyu60607@yahoo.com>
To: erlyaws-list@lists.sourceforge.net
Sent: Tue, November 17, 2009 9:18:11 AM
Subject: Authentication headers question

Hi, from the source code of yaws_config.erl, it looks like if I use an authentication module, I must provide an authentication header by exporting a get_header() function, otherwise the Auth#auth.header field will be empty (because PAM is disabled and no user/password pair is given). This makes it difficult to share the same authentication module code between different servers with different realms. Can we change the code in one of the following three ways?

(1) in the handling of </auth>, if header field remains empty AND an authentication module name is given, then use the realm field to construct a default authentication header
(2) pass a parameter  (maybe the whole sconf struct) to get_header() function, this function is not documented anyway.
(3) allow parameterized authentication module

What do you think? Thanks!

Di, Yu
11.17