[mod_python] problem w/ authen handler

Bud P. Bruegger bud at comune.grosseto.it
Thu May 19 10:27:12 EDT 2005

I'm a beginner and hope someone can straighten me out.

I am trying to write a simple handler that clicks in after mod-ssl has 
requested a certificate from the client.  Depending on the type of client 
token (European eID cards), I'd like the handler to look at the client's 
subject DN derive (by string manipulation or by lookup) a nationally unique 
ID for the card holder.

Sounds simple enough--but I can't get it to work.  I tried both, the authen 
and the authz handlers.  But neither from mod-ssl's +fakeBasicAuth nor from 
the handlers req.user = 'xxx' do I get a REMOTE_USER env variable 
set.  Also the test evironment variable that I try to set in the 
authen/authz handler doesn't have effect.

Does this possibly mean that the authen/authz handlers are not called at 
all in my configuration?  Should I use a different handler and which?  Or 
did I simply mess up something else?

Any help is highly appreciated!


here the details of what I tried:

<VirtualHost *:443>
         SSLCertificateFile /etc/apache2/ssl/apache.pem
       # no client cert verification for Demo:
         SSLVerifyClient optional_no_ca
       # SSLCACertificatePath /etc/apache2/ssl/trusted/
       # SSLVerifyDepth 3
         LogLevel debug
         SSLEngine on
         DocumentRoot /var/www/

     <Directory /var/www/sc>
         SSLOptions +StdEnvVars +ExportCertData +FakeBasicAuth +StrictRequire
         SetHandler mod_python
         PythonHandler test
         PythonAuthzHandler test
         PythonDebug On


and test.py:

from mod_python import apache

def authzhandler(req):
     #return apache.HTTP_UNAUTHORIZED
     return apache.OK

def handler(req):
     req.content_type = "text/plain"
     req.write("Environment Variables\n----------------------\n\n")
     for item in req.subprocess_env.items():
         req.write("%s: %s\n" % item)
     return apache.OK

Ing. Bud P. Bruegger, Ph.D.                 +39-0564-488577 
(voice),  -21139 (fax)
Servizio Elaborazione Dati                    e-mail:  bud at comune.grosseto.it
Comune di 
Grosseto                            http://www.comune.grosseto.it/cie/
Via Ginori, 
43                                      http://OpenPortalGuard.sf.net
58100 Grosseto (Tuscany, Italy)           jabber:  bud at amessage.info

Free Software in Public Administration:  not just a good idea, but a necessity

Perfection is attained, not when there is nothing more to be added, but 
when there is nothing more to be taken away -- Antoine de Saint-Exupery 

More information about the Mod_python mailing list