[mod_python] Complicated GET configuration

Hunter Matthews thm at duke.edu
Fri Aug 16 20:59:42 EST 2002

On Fri, 2002-08-16 at 20:12, Hunter Matthews wrote:
> > As soon as you add that line, Apache will report an internal server 
> > error until you give it an AuthName, AuthType, and some sort of 
> > Authentication handler. I added a stub handler which accepts any 
> > username and password.
> > 
> > Once those are all present, then Apache will happily run the 
> > AuthzHandler whenever the AuthenHandler returns OK.

Answered my own question - 

> In this particular application, I don't think the authorization will
> work quite like that: 
> I don't get a user:password from a browser, this is an xmlrpc client
> that sends authentication/authorization information in custom HTTP
> headers. 
> If you are deciding to allow or deny access based just on the contents
> of headers, which Handler would you pick?

Authen and Authz - you simply do whatever authentication and
authorization you want - if you're not doing user/password, don't call
those apache methods - roll your own.

Again, thanks to everyone on the list, esp Ian, who helped me understand
just how this works.

Hunter Matthews                          Unix / Network Administrator
Office: BioScience 145/244               Duke Univ. Biology Department
Key: F0F88438 / FFB5 34C0 B350 99A4 BB02  9779 A5DB 8B09 F0F8 8438
Never take candy from strangers. Especially on the internet.

More information about the Mod_python mailing list