AUTH_TYPE env variable for *cgi
section 4.1.1 of RFC 3875 (cgi spec) requires the server to set a AUTH_TYPE env declaring the type of authentication used. (see http://tools.ietf.org/html/rfc3875#page-11 and the comments I provided in the attached diff)
I set the ticket priority to high because this bug broke MoinMoin w/ HTTP Authentication and I'm sure there are other apps that depend on AUTH_TYPE being set to function properly.
This is my first contribution to an open source project (this was a find and then copy/paste), but look forward to more so please let me know if I'm using proper procedure and etiquette.
Updated by nigel over 17 years ago
This variable is also missing from mod_cgi.
Suggest mod_auth stash the method as well as the user, rather than reparsing
the information out again in several different places.
However that requires the connection structure to be modified to make space
Updated by oherrala almost 17 years ago
I just got MoinMoin's HTTP authentication to work without this patch. This is a workaround while waiting a correct(TM) fix.
With mod_setenv it's possible to set
setenv.add-environment = ( "AUTH_TYPE" => "Digest" ) # Or "Basic"
in the config around where you set up MoinMoin and now it works as expected. But I don't have a clue how this affects security. Be warned.
Updated by darix almost 17 years ago
- Status changed from New to Assigned
fixed in r1741
but the real fix would be in mod_auth. the auth module should set the environment variable and the mod_*cgi*/mod_*proxy* just copy the environment to the backend.
so for 1.4.15 and 1.5 we should apply the better fix
Updated by stbuehler about 12 years ago
- Subject changed from AUTH_TYPE variable for fastcgi to AUTH_TYPE env variable for *cgi
- Description updated (diff)
- Status changed from Fixed to Reopened
- Priority changed from High to Normal
- Target version changed from 1.4.15 to 1.4.31
- Missing in 1.5.x set to No
Also available in: Atom