Re: [Erlyaws-list] Authentication headers question

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

For the first option, the change can be from (line 1230 onwards of yaws_config.erl): 

['<', "/auth", '>'] ->
            Pam = Auth#auth.pam,
            Users = Auth#auth.users,
            Realm = Auth#auth.realm,
            A2 =  case {Pam, Users} of
                    {false, []} ->
                         Auth;
                      _ ->
                          H = Auth#auth.headers ++ yaws:make_www_authenticate_header({realm, Realm}),
                          Auth#auth{headers = H}
                  end,
            C2 = C#sconf{authdirs = [A2|C#sconf.authdirs]},
            fload(FD, server, GC, C2, Cs, Lno+1, Next);

to

['<', "/auth", '>'] ->
            Pam = Auth#auth.pam,
            Users = Auth#auth.users,
            Realm = Auth#auth.realm,
            A2 =  case {Pam, Users} of
                    {false, []} ->
                          case Auth#auth.headers of
                              [] ->
                                  if 
                                      is_atom(Auth#auth.mod) ->
                                          Auth#auth{headers = yaws:make_www_authenticate_header({realm, Realm})};
                                      true ->
                                          Auth
                                  end;
                              _ ->
                                  Auth
                          end;
                      _ ->
                          H = Auth#auth.headers ++ yaws:make_www_authenticate_header({realm, Realm}),
                          Auth#auth{headers = H}
                  end,
            C2 = C#sconf{authdirs = [A2|C#sconf.authdirs]},
            fload(FD, server, GC, C2, Cs, Lno+1, Next);

Thanks,

Di, Yu
11.17

________________________________
From: Yu Di <diy...@ya...>
To: erl...@li...
Sent: Tue, November 17, 2009 9:18:11 AM
Subject: Authentication headers question

Hi, from the source code of yaws_config.erl, it looks like if I use an authentication module, I must provide an authentication header by exporting a get_header() function, otherwise the Auth#auth.header field will be empty (because PAM is disabled and no user/password pair is given). This makes it difficult to share the same authentication module code between different servers with different realms. Can we change the code in one of the following three ways?

(1) in the handling of </auth>, if header field remains empty AND an authentication module name is given, then use the realm field to construct a default authentication header
(2) pass a parameter  (maybe the whole sconf struct) to get_header() function, this function is not documented anyway.
(3) allow parameterized authentication module

What do you think? Thanks!

Di, Yu
11.17