That would be an option, however, from a security standpoint, it is not always the most sensible option.
 
I would prefer to switch to Digest authentication, and use the AuthDigestDomain-directive to include your cgi-script in the cgi-bin.
See http://httpd.apache.org/docs-2.0/mod/mod_auth_digest.html#authdigestdomain for more details.
 
Kind Regards,
Sander Holthaus
----- Original Message -----
From: Andrew Kenna
To: users@httpd.apache.org
Sent: Tuesday, December 03, 2002 10:54 PM
Subject: RE: [users@httpd] Remote User Variable

Yep, you need to set the permissions on the cgi script in each directory you move it to. Also you will need to set ExecCgi on the directory the cgi script lives in
 
Andrew
 
-----Original Message-----
From: John Elser [mailto:jElser@ck8.uscourts.gov]
Sent: Wednesday, 4 December 2002 4:41 AM
To: users@httpd.apache.org
Subject: Re: [users@httpd] Remote User Variable

My secured area is set up as /local/web/htdocs/coa/secure/shell.  This script then calls a script that is in /cgi-bin.  But, from what you are telling me, the REMOTE USER variable will not get passed to the script in /cgi-bin.  When I move my other script out of the /cgi-bin directory and put it under the /local/web/htdocs/coa/secure/shell directory, it doesn't execute.  I merely displays the script instead of executing it.
 
Thanks,
 
John
----- Original Message -----
From: Sander Holthaus - Orange XL
To: users@httpd.apache.org
Sent: Monday, December 02, 2002 11:33 AM
Subject: Re: [users@httpd] Remote User Variable

The problem lies in the second script. Your REMOTE_USER-variable is ONLY passed on to resoures in or below /local/web/htdocs/coa/secure/shell. This is logical, because that is where you said Authenticiation was required. The REMOTE_USER variable will only be availble if a client needed to authorize itself.
An other problem could be how the script was called. Is it called by Apache or another script?
 
Kind Regards,
Sander Holthaus 
----- Original Message -----
From: John Elser
To: users@httpd.apache.org
Sent: Monday, December 02, 2002 6:11 PM
Subject: Re: [users@httpd] Remote User Variable

Thanks for the reply!  I really appreciated it.
 
The way it is working now is that the login/password box comes up when the user accesses a script that is in /local/web/htdocs/coa/secure/shell.  That part is working fine.  But, I have another script that eventually gets called that needs to check to see who this user is.  This script is not in the same directory.  For some reason, the REMOTE USER variable isn't being passed or isn't being set.
 
For what I'm doing, Basic is enough security...that is, if I can tell who a particular user is.
 
Any suggestions on what could be the problem?
 
Thanks again,
 
John
----- Original Message -----
Sent: Monday, December 02, 2002 11:11 AM
Subject: Re: [users@httpd] Remote User Variable

Where is that script located? It it under the directory /local/web/htdocs/coa/secure/shell?
 
Also, using AuthType Basic is in no way secure. Looked at AuthType Digest yet?
 
Kind regards,
Sander Holthaus
----- Original Message -----
From: John Elser
Sent: Monday, December 02, 2002 4:12 PM
Subject: [users@httpd] Remote User Variable

I want to pass the user's login to my script.  My httpd.conf file has this:
<Directory "/local/web/htdocs/coa/secure/shell">
AuthType Basic
AuthName "By Invitation Only"
AuthUserFile /usr/local/apache/bin/apachepw
Require user jde hml skt
</Directory>
 
I get prompted for a login and password and I'm able to login in.   I then have another script that checks for the user name. 
 
My script contains this code (the script then goes into a series of if statements):
$uname = $ENV{'REMOTE_USER'};
 
But $uname is not being set to the user's login. 
 
When I installed apache, I simply downloaded the binary version of it and did a pkgadd on my solaris 8 system.  Do I need to add an apache module and compile apache before I can determine who gets prompted for a login and password? Or am I missing something else?
 
Thanks,
John