Mostly copied from mod_auth_basic of apache-2.2.
Only the basic-auth handshake was replaced by code which extracts the userid out of a customzied header field.
No password is written into internal httpd variables. So the authentication has to be validated by mod_authn_anon.
For authorisation any of the authz standard modules could be used.
- accept authentification of a an other server (e.g. reverse proxy)
Be the first to post a review of mod_auth_trustheader!