Search Mailing List Archives

Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

passing header variable values to remote_user

Russ Allbery eagle at
Tue Feb 27 13:07:17 PST 2007

John DeStefano <john.destefano at> writes:

> My colleague has set up Webauth to authenticate users before hitting
> applications on remote servers, and I wonder if you can help us with an
> issue that is preventing the authentication process from working
> properly in some cases.

> We need to get a user ID passed from a Webauth server into the
> remote_user variable on application servers.  We're able to set a custom
> variable (http_x_myremote_user) and get the proper ID value, but when we
> try and pass this as remote_user (remote_user -->
> $http_x_myremote_user), http_x gets prepended to the user ID value, and
> the application can't match this string to a user ID.

> On the Apache side, our limited understanding of mod_setenvif tells us
> that SetEnvIf can be set to a string, but not to the value of a
> variable.

If you're using Apache, ideally you should just run WebAuth directly on
the servers where you want to authenticate the users.  REMOTE_USER is
special and it's easiest to let an Apache module set it directly.

Failing that, though, I'd look at mod_rewrite, which can set arbitrary
environment variables based on arbitrary other things.  However, I don't
know if Apache will internally override REMOTE_USER.

Russ Allbery <eagle at>
Technical Lead, ITS Unix Systems and Applications, Stanford University

More information about the webauth-info mailing list