[mod-security-users] Finding out a password from basic auth?
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
[mod-security-users] Finding out a password from basic auth?
|
From: Toby A I. <to...@go...> - 2003-09-16 21:10:55
|
This is one of those questions that is either laughably easy or impossibly difficult. Unfortunately I am as yet unable to decide which it is. I have a directory on my server that is protected using basic HTTP authentication (it's over SSL so don't worry about that!). Everything is working fine and dandy there. Now, CGI scripts within this directory can obtain the user name of someone visiting through the REMOTE_USER environment variable. However, I also need to access the remote password (so that I can pass it on log in to a mail server), which doesn't seem possible. Numerous resources on the web seem to mention REMOTE_PASSWORD, but their authors seem to be living in a dream world. :-) I am well aware that there are potential security issues with allowing any script on the server to access this piece of information, but I don't think any apply in this particular case. So does anyone know of some obscure configuration directive to tell Apache to set ta REMOTE_PASSWORD environment variable? Or would I need to hack the source code? If the latter, has anyone already done it and can send me a patch? Using: mod_auth_pam 1.1.1 (authenticating via samba) Apache 1.3.27 Mandrake Linux 9.1 Thanks in advance, -- Toby A Inkster BSc (Hons) ARCS Contact Me - http://www.goddamn.co.uk/tobyink/?id=132 |
