1.1 --- a/docs/ModPython/NOTES.txt Sun Feb 08 21:42:02 2004 +0000
1.2 +++ b/docs/ModPython/NOTES.txt Sun Feb 08 21:42:21 2004 +0000
1.3 @@ -27,3 +27,34 @@
1.4
1.5 /agenda/my-agenda.simple
1.6 /simple/tasks/my-tasks.simple
1.7 +
1.8 +--------
1.9 +
1.10 +Authentication/authorisation in mod_python:
1.11 +
1.12 +Whilst WebStack applications are permitted to send the "WWW-Authenticate"
1.13 +header to HTTP clients, Apache appears to avoid defining the current user
1.14 +unless various Auth directives have been applied to such applications in the
1.15 +httpd.conf file, and since Apache sends such authentication headers when such
1.16 +directives have been applied in the configuration, WebStack applications seem
1.17 +to have limited control over the precise circumstances of authentication
1.18 +itself.
1.19 +
1.20 +Consequently, it is necessary to define authentication methods in the
1.21 +httpd.conf file as in the following example:
1.22 +
1.23 +Alias /auth "/home/paulb/Software/Python/WebStack/examples/ModPython/AuthApp"
1.24 +
1.25 +<Directory "/home/paulb/Software/Python/WebStack/examples/ModPython/AuthApp">
1.26 + AddHandler python-program .py
1.27 + PythonHandler AuthHandler
1.28 + PythonDebug On
1.29 + AuthType Basic
1.30 + AuthName "AuthResource"
1.31 + AuthUserFile /usr/local/apache2/conf/users
1.32 + require valid-user
1.33 +</Directory>
1.34 +
1.35 +The details of the application's deployment, including the exact pathname of
1.36 +the users file and the appropriate access policy, must obviously be defined
1.37 +according to the actual application concerned.
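Review bot: The example <Directory> block carries "PythonDebug On" next to the Auth directives, and nothing in the note marks it as a development-only setting. With that directive enabled, mod_python sends Python tracebacks to the client as well as to the error log, which for an application behind authentication can disclose filesystem paths and handler internals to anyone who triggers an error. Suggest either dropping the line from the example or adding a sentence that it should be removed outside of debugging. The closing paragraph on deployment details could also state that "AuthType Basic" only base64-encodes the credentials, so the resource should be served over SSL, and that the file named in "AuthUserFile" must stay outside any directory Apache serves, as the example path under /usr/local/apache2/conf does.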