thm at duke.edu
Fri Aug 16 20:59:42 EST 2002
On Fri, 2002-08-16 at 20:12, Hunter Matthews wrote: > > As soon as you add that line, Apache will report an internal server > > error until you give it an AuthName, AuthType, and some sort of > > Authentication handler. I added a stub handler which accepts any > > username and password. > > > > Once those are all present, then Apache will happily run the > > AuthzHandler whenever the AuthenHandler returns OK. Answered my own question - > In this particular application, I don't think the authorization will > work quite like that: > > I don't get a user:password from a browser, this is an xmlrpc client > that sends authentication/authorization information in custom HTTP > headers. > > If you are deciding to allow or deny access based just on the contents > of headers, which Handler would you pick? Authen and Authz - you simply do whatever authentication and authorization you want - if you're not doing user/password, don't call those apache methods - roll your own. Again, thanks to everyone on the list, esp Ian, who helped me understand just how this works. -- Hunter Matthews Unix / Network Administrator Office: BioScience 145/244 Duke Univ. Biology Department Key: F0F88438 / FFB5 34C0 B350 99A4 BB02 9779 A5DB 8B09 F0F8 8438 Never take candy from strangers. Especially on the internet.