Project

General

Profile

Actions

Bug #889

closed

AUTH_TYPE env variable for *cgi

Added by tkruthoff over 17 years ago. Updated almost 12 years ago.

Status:
Fixed
Priority:
Normal
Category:
-
Target version:
ASK QUESTIONS IN Forums:

Description

section 4.1.1 of RFC 3875 (cgi spec) requires the server to set a AUTH_TYPE env declaring the type of authentication used. (see http://tools.ietf.org/html/rfc3875#page-11 and the comments I provided in the attached diff)

I set the ticket priority to high because this bug broke MoinMoin w/ HTTP Authentication and I'm sure there are other apps that depend on AUTH_TYPE being set to function properly.

This is my first contribution to an open source project (this was a find and then copy/paste), but look forward to more so please let me know if I'm using proper procedure and etiquette.


Files

Actions #1

Updated by nigel over 17 years ago

This variable is also missing from mod_cgi.

Suggest mod_auth stash the method as well as the user, rather than reparsing
the information out again in several different places.
However that requires the connection structure to be modified to make space
for this.

Actions #2

Updated by oherrala almost 17 years ago

I just got MoinMoin's HTTP authentication to work without this patch. This is a workaround while waiting a correct(TM) fix.

With mod_setenv it's possible to set

setenv.add-environment = ( "AUTH_TYPE" => "Digest" ) # Or "Basic"

in the config around where you set up MoinMoin and now it works as expected. But I don't have a clue how this affects security. Be warned.

Actions #3

Updated by darix almost 17 years ago

  • Status changed from New to Assigned

fixed in r1741

but the real fix would be in mod_auth. the auth module should set the environment variable and the mod_*cgi*/mod_*proxy* just copy the environment to the backend.

so for 1.4.15 and 1.5 we should apply the better fix

Actions #4

Updated by jan over 16 years ago

  • Status changed from Assigned to Fixed
  • Resolution set to fixed
Actions #5

Updated by stbuehler about 12 years ago

  • Subject changed from AUTH_TYPE variable for fastcgi to AUTH_TYPE env variable for *cgi
  • Description updated (diff)
  • Status changed from Fixed to Reopened
  • Priority changed from High to Normal
  • Target version changed from 1.4.15 to 1.4.31
  • Missing in 1.5.x set to No
Actions #6

Updated by stbuehler about 12 years ago

  • Category deleted (mod_fastcgi)
Actions #7

Updated by stbuehler almost 12 years ago

  • Status changed from Reopened to Fixed
  • % Done changed from 0 to 100

Applied in changeset r2833.

Actions

Also available in: Atom