# HG changeset patch # User paulb # Date 1076276541 0 # Node ID 718bdfeec0449a170cf8acf1aac5b7993b7a8206 # Parent 95e17b0514193556e454bf2c94700ae8cce37b03 [project @ 2004-02-08 21:42:21 by paulb] Added notes about authentication/authorisation in mod_python. diff -r 95e17b051419 -r 718bdfeec044 docs/ModPython/NOTES.txt --- a/docs/ModPython/NOTES.txt Sun Feb 08 21:42:02 2004 +0000 +++ b/docs/ModPython/NOTES.txt Sun Feb 08 21:42:21 2004 +0000 @@ -27,3 +27,34 @@ /agenda/my-agenda.simple /simple/tasks/my-tasks.simple + +-------- + +Authentication/authorisation in mod_python: + +Whilst WebStack applications are permitted to send the "WWW-Authenticate" +header to HTTP clients, Apache appears to avoid defining the current user +unless various Auth directives have been applied to such applications in the +httpd.conf file, and since Apache sends such authentication headers when such +directives have been applied in the configuration, WebStack applications seem +to have limited control over the precise circumstances of authentication +itself. + +Consequently, it is necessary to define authentication methods in the +httpd.conf file as in the following example: + +Alias /auth "/home/paulb/Software/Python/WebStack/examples/ModPython/AuthApp" + + + AddHandler python-program .py + PythonHandler AuthHandler + PythonDebug On + AuthType Basic + AuthName "AuthResource" + AuthUserFile /usr/local/apache2/conf/users + require valid-user + + +The details of the application's deployment, including the exact pathname of +the users file and the appropriate access policy, must obviously be defined +according to the actual application concerned.