AW: auth mechanism and req. record

[prev] [thread] [next] [Date index for 2005/04/22]

	Geoffrey,

	thanks for the quick reply.

> > When you are implementing your own authentication mechanism e.g.
> > in a server using the multiprotocol feature you have to pass two
> > pieces of information to the Auth handler: the name of the auth
> > mechanism used and the data submitted by the client (e.g. a MD5
> > hash).
> > 
> > The name of the auth mechanism can be passed via $r->ap_auth_type().
> > But what is the the correct way to pass the client auth data? Should
> > I use the request notes table to this end?
> 
> I'm not sure I follow what you need but I'll try.
> 
> all data passed from the client is available.  in this 
> instance you probably
> want $r->headers_in->get('Authorization') to grab the authentication
> information sent by the client.

	well, this is the case for HTTP.


	Well I am using a non-HTTP protocol (implemented with the 
	multiprotocol capability of Apache2) where client and server
	negotiate on an auth mechanism (e.g. CRAM-MD5 or CRAM-SHA1).

	These auth mechanisms are implemented in auth handlers which
	are invoked via "$r->run_check_user_id()".

	The auth data (digest) sent by the client are available to the
	protocol handler in the first place and has to be passed to
	the auth handlers to be verified. Now I am looking for a 
	"canonical place" to put the digest data in.

	Does this help to better understand what I am looking for?

		Peter