Message5957
> Would your use case be handled by this proposal Anthony?
It seems to yes.
I advocate this options again and bring back that Apache have a special
care of REMOTE_USER variable and there is no power to leave it
untouched in a proxy chain.
> John Rouillard added the comment:
> Hi all:
> Does this sound like a reasonable idea?
> Modify the http_auth variable to support:
> yes - use REMOTE_USER, HTTP_AUTHORIZATION (as current)
> no - disable (as current)
> HTTP_* - look for the HTTP_* variable in the env array
> and use the value of that variable like REMOTE_USER.
> E.G. the value HTTP_PROXY-USER or http_proxy-USER
> looks for env['HTTP_PROXY-USER']
>
> We pair that with a new config variable
> pass_headers = proxy-user, X-Free-Registration
> which generates entries:
> env[HTTP_PROXY_USER], env[HTTP_X_FREE_REGISTRATION]
> if the corresponding headers exist.
> So for Anthony to get what he wanted (assuming the header uid_variable
> contains the username) the config:
> http_auth = HTTP_UID_VARIABLE
> pass_headers = uid-variable
> Would your use case be handled by this proposal Anthony?
> Thoughts?
> ----------
> title: New option for web auth -> New option for web auth (also http header passing)
> ________________________________________________
> Roundup tracker <issues@roundup-tracker.org>
> <http://issues.roundup-tracker.org/issue2550837>
> ________________________________________________ |
|
Date |
User |
Action |
Args |
2017-04-21 07:41:51 | antmail | set | recipients:
+ antmail, ber, rouilj, techtonik, jerrykan |
2017-04-21 07:41:51 | antmail | link | issue2550837 messages |
2017-04-21 07:41:50 | antmail | create | |
|