You may be out of luck. mod_perl is integrated with Apache, and can do things that CGI scripts cannot.

I'm really trying to avoid a double login process.

The common way to do this is to forgo web server authentication (i.e., .htaccess control) entirely, relying instead on application-level login. Can you say more about why you need both?

The site has a combination of public content, static group content and dynamic private content.

The public content is easy, standard stuff.

The static group content will be items such as information, forms, and downloads which is available to any and all approved users.

The dynamic private content is specific to user. These would be reports composed of information specific to the exact user.

The dynamic private content will be served through Perl scripts. This will most likely be controlled by cookiers following a successful login.

I would rather control access to the static group content via htaccess authenticate so that update of the pages does not intermingle with the Perl scripts. This allows a slightly less trained person to do the updates. HTML and FTP knowledge rather than Perl background. i.e. cheaper labor for da boss.

Obviously the easy solution is to have the users login twice. Once when they need access to the group material, and then again when they need access to any private material.

Da boss is annoyed by the double login and I'm trying to find a way around this. Hence the grasping at straws....

Thanks, Claude

The site has a combination of public content, static group content and dynamic private content.

I have a site like this. The scripts that generate dynamic content require an appropriate login cookie, and the data that they use is kept in a folder that is not visible to the web server. No apache authentication is required. Works fine, though it does mean that I have to do downloads via a CGI script, instead of letting the web server handle the details.

I would rather control access to the static group content via htaccess authenticate so that update of the pages does not intermingle with the Perl scripts.

So keep the perl scripts in a separate directory?

I'm still not seeing why you need .htaccess control.

"I'm really trying to avoid a double login process. "

Sorry, am I missing the point here or is $ENV{'REMOTE_USER'} what you are looking for?

cLive ;-)

--
seek(JOB,$$LA,0);

Since I've seen warnings within the pages of Perlmonk that $ENV{'REMOTE_USER'} can be spoofed I'd rather not use that. And I don't believe it could answer the whole problem in any case.

I'm simply trying to find a means to avoid a double login process on a system which requires some directories be password protected using the standard htaccess authentification and some content be password protected through Perl scripts which then assemble dynamic reports to be sent to the browser.

If not for the fact that I've heard rumors from two different sources that this is possible without mod_perl I'd give up the quest and just force the users to live with the logging in twice problem.

If anyone knows for a fact that this is not possible I don't mind taking the bad news to my boss. I just don't want to be sitting there with egg on the face when somewhere out of the woodwork comes the news that it's easy if you just do .....

In any case, I hope that somewhere within these words I've clarified the point.

Claude

$ENV{'REMOTE_USER'} cannot be spoofed. It is environment variable which is set by Apache on the basis of authorization results. If your Apache configuration is secure you can trust it.

--
Ilya Martynov (http://martynov.org/)