Re: [cgiwrap-users] Authentication without .htaccess
Brought to you by:
nneul
Menu
▾
▴
Re: [cgiwrap-users] Authentication without .htaccess
|
From: Eetu H. <eh...@ik...> - 2002-11-30 02:24:59
|
On la, 2002-11-30 at 01:52, Nathan Neulinger wrote: > I've actually looked at this a bit recently, but not thoroughly. The > approach I take with cgiwrap and authentication is to have all or > nothing authentication w/ one database. > > Problem is - there is no way to trigger/require authentication from a > cgi script without help from the web server. Apache does not export the > HTTP_AUTHORIZATION value to scripts (for good reason). So, you pretty > much have to have a central db for authentication. I understand this and I'm not complaining about it. It's just that the computing facilities administration of the university isn't too helpful, to say the least. > Without the central DB, your best bet would probably be to front-end the > twiki scripts with a cgi (that doesn't read it's STDIN) that uses > cookies for authentication. Or find a cookie-auth plugin for twiki if > something like that exists. Yes, and that's what I'm really looking for. I just haven't been able to find either. There's a plugin for TWiki that enables the use of cookies for sessions but it doesn't affect the authentication in any way. Most authentication cgi scripts use .htaccess and those which don't, usually are more complex than what I need. If anyone knows of a script that could serve as a "front-end" for the TWiki scripts, please let me know. I'm kind of in a hurry here, the site's supposed go public in a couple of days... -- Eetu Huisman <eh...@ik...> > On Fri, 2002-11-29 at 12:49, Eetu Huisman wrote: > > I'm trying to set up TWiki for the site of my students' organization. > > The site is hosted by the university and the environment is best > > described as paranoid. After a long search I finally found a content > > management system which is at least somehow compatible with cgiwrap, but > > now I'm in trouble... > > > > I've read all the discussions in the archive regarding cgiwrap's problem > > with .htaccess and tried to get the administration of the server to help > > me, but it wasn't possible because the excact server doesn't have a > > centralized user database and using one from a remote server would force > > the use of ssl, which isn't available. > > > > I guess many people have solved this problem before me and now I'm > > begging for advice. I'm in no way a professional/experienced perl or cgi > > (let alone http (yes, I do mean the protocol)) programmer, so I'd prefer > > a readymade authentication library/script which could be used to replace > > .htaccess and .htpasswd in cgi scripts. > > > > TWiki's registration uses .htpasswd, so I would prefer this alternative > > authentication method to use it as well, but this is of course not > > obligatory. |
