HTTP authentication module

dash2 has asked for the wisdom of the Perl Monks concerning the following question:

Howdy!

I'm looking for a module to find out who is logged in via standard Apache authentication - the username and possibly the password provided to Apache. But I'm NOT using mod_perl. Looked at Apache::Htpasswd, and that doesn't do it... I don't want to have to ask the user for their login twice.

andramoiennepemousapolutropon

Comment on HTTP authentication module

Replies are listed 'Best First'.
Re: HTTP authentication module by robartes (Priest) on Mar 20, 2003 at 19:16 UTC
In CGI, the REMOTE_USER environment variable is set with this information. If you are using CGI.pm, you can access this with: `my $query=CGI->new(); my $user=$query->remote_user();` [download] Otherwise you can do: `my $user=$ENV{'REMOTE_USER'};` [download] I know no method of retrieving the password ~~(that doesn't mean there isn't one though :) )~~. Update: Removed comment that implied retrieving passwords is condonable (sp?). It's not. CU Robartes-	[reply] [d/l] [select]
•Re: Re: HTTP authentication module by merlyn (Sage) on Mar 20, 2003 at 19:22 UTC
Without `mod_perl` (or another custom module), you can't get at the password. This is deliberate. -- Randal L. Schwartz, Perl hacker Be sure to read my standard disclaimer if this is a reply.	[reply]
Re: HTTP authentication module by dash2 (Hermit) on Mar 20, 2003 at 20:18 UTC
Thanks for your thoughts. I never thought about multiuser situations where you might not want scripts to know the http password of the remote user. OK, suppose I just assume that if a user is in `$ENV{REMOTE_USER}`, s/he is authenticated. Am I exposing myself, beyond the normal problems of http plaintext authentication? andramoiennepemousapolutropon	[reply] [d/l]