AUTH_TYPE env variable for *cgi
|Missing in 1.5.x:||No|
section 4.1.1 of RFC 3875 (cgi spec) requires the server to set a AUTH_TYPE env declaring the type of authentication used. (see http://tools.ietf.org/html/rfc3875#page-11 and the comments I provided in the attached diff)
I set the ticket priority to high because this bug broke MoinMoin w/ HTTP Authentication and I'm sure there are other apps that depend on AUTH_TYPE being set to function properly.
This is my first contribution to an open source project (this was a find and then copy/paste), but look forward to more so please let me know if I'm using proper procedure and etiquette.
#2 Updated by oherrala about 6 years ago
I just got MoinMoin's HTTP authentication to work without this patch. This is a workaround while waiting a correct(TM) fix.
With mod_setenv it's possible to set
setenv.add-environment = ( "AUTH_TYPE" => "Digest" ) # Or "Basic"
in the config around where you set up MoinMoin and now it works as expected. But I don't have a clue how this affects security. Be warned.
#3 Updated by darix about 6 years ago
- Status changed from New to Assigned
fixed in r1741
but the real fix would be in mod_auth. the auth module should set the environment variable and the mod_*cgi*/mod_*proxy* just copy the environment to the backend.
so for 1.4.15 and 1.5 we should apply the better fix
#5 Updated by stbuehler over 1 year ago
- Subject changed from AUTH_TYPE variable for fastcgi to AUTH_TYPE env variable for *cgi
- Description updated (diff)
- Status changed from Fixed to Reopened
- Priority changed from High to Normal
- Target version changed from 1.4.15 to 1.4.31
- Missing in 1.5.x set to No
Also available in: Atom