[mod_python] how to make fallback authentication

Graham Dumpleton grahamd at dscpl.com.au
Sun Feb 19 00:00:58 EST 2006 

On 18/02/2006, at 4:27 AM, Tomasz Wlodek wrote:

> On Thu, 16 Feb 2006, Graham Dumpleton wrote:
>
>> Unfortunately, to my mind, what would be the proper way of doing this
>> can't current be done in mod_python because it has some stuff missing
>> and doesn't process handlers for the authentication phase  
>> correctly. See:
>>
>>   http://issues.apache.org/jira/browse/MODPYTHON-124
>>   http://issues.apache.org/jira/browse/MODPYTHON-129
>>
>> One question while I think of a good suggestion, how are you setting
>> AuthType, AuthName and Requires directives to ensure that the  
>> mod_python
>> authenhandler is being run in the first place?
>>
>> Graham
>
> in mod python configuration I put:
>
> <Directory /var/www/my_directory/cgi>
>     AddHandler mod_python .py
>     PythonHandler myhandler
>     PythonAuthenHandler myhandler
>     PythonDebug on
>     PythonPath "sys.path + ['/root/my_mod_python_handlers']"
>     require valid-user
> </Directory>
>
> This forces the authentication handler to run.
>
> If I add
>
> AuthType Basic
> AuthName "Restricted Area"
>
> lines, if always triggers apache to ask for user id and pwd, which  
> is not
> what I want. I want apache to ask for user id and pwd only if user  
> has no
> valid certificate.

Yes, that is what one would expect. I don't recollect saying that  
AuthType should
be set to "Basic". Use of "Basic" for AuthType in the JIRA issue is  
there to illustrate
something else. You also though don't have to use a redirect to pass  
the request
through a basic authentication handler as your original code  
suggested you
want to do though. You will though as suggested by someone else need to
implement the handshake for basic authentication yourself, as you  
don't have
access to the internal Apache API functions for dealing with basic  
authentication
and even if you did, they in part expect AuthType to be set to  
"Basic" which will
not be the case. The code I posted was an implementation of the  
handshake
for basic authentication to get around that. All you need to do is  
integrate that
in the place where you were intending to do the redirect,

Graham

More information about the Mod_python mailing list