cLive ;-) has asked for the wisdom of the Perl Monks concerning the following question:

Greetings brothers,

I think this is slightly OT but...

Is it possible to set an auth username/password combo for a browser from a CGI script *without* the user having to enter a login/password in the auth pop-up?

Eg: User logs into existing web site system through a web page. A look-up says they can access "Set 4" of some static web pages. The script sets the relevant username/password combo in the browser.

Why do I not want to put all username/passwords in an .htaccess file?

Is there an HTTP header I can set from the server that would force a username/password auth combo on a browser?

Or is there an easier way to do this?

Thoughts greatly appreciated.

cLive ;-)

Replies are listed 'Best First'.
Re: Auto set basic auth username/password
by Zaxo (Archbishop) on Jul 04, 2001 at 09:31 UTC

    Why do I not want to put all username/passwords in an .htaccess file?

    1. simplicity - 4 groups of users, 4 sets of pages, 4 auth username/password combos
    2. I'm a little uncomfortable having a few thousand username/passwords in an .htaccess file - this would affect performance, no?
    3. If I can just do that, the rest of my code is already mapped out.

    There is no need to put all those names in .htaccess. 'require valid-user' will suffice for overall access, and 'require group admin,custodial' to limit access to particular areas. See the Apache docs for setting up the password and group files.

    After Compline,
    Zaxo

Re: Auto set basic auth username/password
by Anonymous Monk on Jul 04, 2001 at 08:32 UTC
    I'm a little uncomfortable having a few thousand username/passwords in an .htaccess file - this would affect performance, no?

    Look at mod_auth_db and mod_auth_dbm which will allow you to use a Berkeley DB or other DBM instead of a flat text file.
      Sorry, I should have explained.

      I only know the server will have .htaccess files, not how it will be configured (hosted on many servers with different set-ups).

      I think I might have to try another approach...

      Thanks anyway.

      cLive ;-)

Re: Auto set basic auth username/password
by mattr (Curate) on Jul 04, 2001 at 14:29 UTC
    The Non authenticated access for internal IPs, Authenticated for external IPs section of the mod_perl guide's chapter on security may help. It provides code which, using PerlAuthenHandler and PerlAccessHandler, lets you make your own callbacks for those Apache phases.

    The example passes users based on their IP addresses. If you wanted to use a cookie you might be able to do this with Apache::AuthCookie. I haven't done these things but would be interested to see how your work goes.

Re (tilly) 1: Auto set basic auth username/password
by tilly (Archbishop) on Jul 04, 2001 at 08:47 UTC
      Thanks, but not really useful - I don't want the end user to know what their login/password combo is.

      I guess what I really want to know is if an Auth login can be made if the browser doesn't request it.

      cLive ;-)

Re: Auto set basic auth username/password
by traveler (Parson) on Jul 04, 2001 at 19:52 UTC
    In what I believe to be a similar situation I have set a cookie on the user's machine with his/her authorization "level". When a user tries to access a page, I check the cookie. The cookie is encrypted so a clever user cannot see the value.
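
An added example, not code from this thread or from any poster: the cookie-carried authorization level described in the last reply, built here with an HMAC signature in place of encryption, so the level stays readable but the server rejects any cookie whose level or expiry was altered. The secret, the level names (`set1` to `set4`) and the `level|expiry|mac` layout are assumptions made for the example.

```perl
#!/usr/bin/perl
use 5.010;
use strict;
use warnings;
use Digest::SHA qw(hmac_sha256_hex);

# Assumptions (constructed for this example): the secret, the level names,
# and the "level|expiry|mac" cookie layout. Keep the real secret server-side.
my $SECRET = 'constructed-demo-secret';
my %LEVELS = map { $_ => 1 } qw(set1 set2 set3 set4);

# Build the cookie value for a user the login script has already looked up.
sub make_token {
    my ($level, $ttl, $now) = @_;
    $now //= time;
    die "unknown level: $level\n" unless $LEVELS{$level};
    my $payload = join '|', $level, $now + $ttl;
    return join '|', $payload, hmac_sha256_hex($payload, $SECRET);
}

# Compare two strings without stopping at the first differing byte.
sub ct_eq {
    my ($x, $y) = @_;
    return 0 if length($x) != length($y);
    my $diff = 0;
    $diff |= ord(substr($x, $_, 1)) ^ ord(substr($y, $_, 1))
        for 0 .. length($x) - 1;
    return $diff == 0;
}

# Return the level if the cookie is authentic and unexpired, else nothing.
sub check_token {
    my ($token, $now) = @_;
    $now //= time;
    my ($level, $expiry, $mac) = split /\|/, $token // '', 3;
    return unless defined $mac && $expiry =~ /\A\d+\z/;
    return unless ct_eq($mac, hmac_sha256_hex("$level|$expiry", $SECRET));
    return unless $LEVELS{$level} && $expiry > $now;
    return $level;
}

my $token = make_token('set4', 3600);
(my $forged = $token) =~ s/\Aset4/set1/;    # user edits the level by hand
say 'fresh cookie:  ', check_token($token) // 'rejected';
say 'edited level:  ', check_token($forged) // 'rejected';
say 'after expiry:  ', check_token($token, time + 7200) // 'rejected';
say 'garbage input: ', check_token('set4') // 'rejected';
```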