Bug #889


AUTH_TYPE env variable for *cgi

Added by tkruthoff over 17 years ago. Updated about 12 years ago.

Target version:


section 4.1.1 of RFC 3875 (cgi spec) requires the server to set a AUTH_TYPE env declaring the type of authentication used. (see and the comments I provided in the attached diff)

I set the ticket priority to high because this bug broke MoinMoin w/ HTTP Authentication and I'm sure there are other apps that depend on AUTH_TYPE being set to function properly.

This is my first contribution to an open source project (this was a find and then copy/paste), but look forward to more so please let me know if I'm using proper procedure and etiquette.


Actions #1

Updated by nigel over 17 years ago

This variable is also missing from mod_cgi.

Suggest mod_auth stash the method as well as the user, rather than reparsing
the information out again in several different places.
However that requires the connection structure to be modified to make space
for this.

Actions #2

Updated by oherrala about 17 years ago

I just got MoinMoin's HTTP authentication to work without this patch. This is a workaround while waiting a correct(TM) fix.

With mod_setenv it's possible to set

setenv.add-environment = ( "AUTH_TYPE" => "Digest" ) # Or "Basic"

in the config around where you set up MoinMoin and now it works as expected. But I don't have a clue how this affects security. Be warned.

Actions #3

Updated by darix about 17 years ago

  • Status changed from New to Assigned

fixed in r1741

but the real fix would be in mod_auth. the auth module should set the environment variable and the mod_*cgi*/mod_*proxy* just copy the environment to the backend.

so for 1.4.15 and 1.5 we should apply the better fix

Actions #4

Updated by jan almost 17 years ago

  • Status changed from Assigned to Fixed
  • Resolution set to fixed
Actions #5

Updated by stbuehler over 12 years ago

  • Subject changed from AUTH_TYPE variable for fastcgi to AUTH_TYPE env variable for *cgi
  • Description updated (diff)
  • Status changed from Fixed to Reopened
  • Priority changed from High to Normal
  • Target version changed from 1.4.15 to 1.4.31
  • Missing in 1.5.x set to No
Actions #6

Updated by stbuehler over 12 years ago

  • Category deleted (mod_fastcgi)
Actions #7

Updated by stbuehler about 12 years ago

  • Status changed from Reopened to Fixed
  • % Done changed from 0 to 100

Applied in changeset r2833.


Also available in: Atom