Search Mailing List Archives
passing header variable values to remote_user
eagle at windlord.stanford.edu
Tue Feb 27 13:07:17 PST 2007
John DeStefano <john.destefano at gmail.com> writes:
> My colleague has set up Webauth to authenticate users before hitting
> applications on remote servers, and I wonder if you can help us with an
> issue that is preventing the authentication process from working
> properly in some cases.
> We need to get a user ID passed from a Webauth server into the
> remote_user variable on application servers. We're able to set a custom
> variable (http_x_myremote_user) and get the proper ID value, but when we
> try and pass this as remote_user (remote_user -->
> $http_x_myremote_user), http_x gets prepended to the user ID value, and
> the application can't match this string to a user ID.
> On the Apache side, our limited understanding of mod_setenvif tells us
> that SetEnvIf can be set to a string, but not to the value of a
If you're using Apache, ideally you should just run WebAuth directly on
the servers where you want to authenticate the users. REMOTE_USER is
special and it's easiest to let an Apache module set it directly.
Failing that, though, I'd look at mod_rewrite, which can set arbitrary
environment variables based on arbitrary other things. However, I don't
know if Apache will internally override REMOTE_USER.
Russ Allbery <eagle at windlord.stanford.edu>
Technical Lead, ITS Unix Systems and Applications, Stanford University
More information about the webauth-info