[mod_python] mod_python authentication

Graham Dumpleton grahamd at dscpl.com.au
Tue Nov 22 19:29:59 EST 2005 

Graham Dumpleton wrote ..
> Bjorn Sundberg wrote ..
> > Is there a way do use http digest authentication?
> 
> No. HTTP digest authentication and mod_python.publisher are currently
> incompatible. See:
> 
>   http://issues.apache.org/jira/browse/MODPYTHON-47
> 
> It is actually a simple fix, but wasn't done for mod_python 3.2.
> 
> Even if fixed, the HTTP digest authentication has to be done by Apache,
> it cannot be done by mod_python.publisher when using __auth__ etc.
> The fix is merely to stop mod_python.publisher barfing when it is being
> done by Apache.

Actually, as usual there is nearly always a way to fudge things. You could
still use Apache HTTP digest authentication (managed by Apache) and
still use mod_python.publisher by having an authenhandler() which
deleted the "Authorization" header so that mod_python.publisher didn't
find it and therefore didn't barf.

  def authenhandler(req):

    if req.headers_in.has_key("Authorization"):
       del req.headers_in["Authorization"]

    ... etc.

I haven't tried this, but it should work.

Graham

More information about the Mod_python mailing list