Re: CGI and REMOTE_USER

robm@ncsa.uiuc.edu (Rob McCool)
Message-id: <9401260039.AA10395@void.ncsa.uiuc.edu>
From: robm@ncsa.uiuc.edu (Rob McCool)
Date: Tue, 25 Jan 1994 18:39:06 -0600
In-Reply-To: "M. Strata Rose" <strata@fenchurch.MIT.EDU>
       "Re: CGI and REMOTE_USER" (Jan 25,  7:33pm)
X-Mailer: Mail User's Shell (7.2.5 10/14/92)
To: strata@fenchurch.MIT.EDU
Subject: Re: CGI and REMOTE_USER
Cc: George Phillips <phillips@cs.ubc.ca>, www-talk@www0.cern.ch
Content-Length: 1035
/*
 * Re: CGI and REMOTE_USER  by "M. Strata Rose"
 *    written on Jan 25,  7:33pm.
 *
 * 
 * WRT REMOTE_IDENT, I want to put in a request that the variable be able
 * to hold standard PGP or RSA key signatures.  We almost certainly need to
 * define additional variables to do authentication and decryption with, but
 * I thought I would just get the ball rolling a little.
 
httpd 1.1 puts the name which is associated with the user's key in
REMOTE_USER, not in REMOTE_IDENT. REMOTE_IDENT is *not* to be trusted under
any circumstances for anything other than simple logging.
 
 * Who out there is already working on "authenticated" Mosaic, i.e. an http 
 * server which knows to serve encrypted pages to only a select set of users 
 * whose clients will know to decrypt them for display & interpretation?
 */

I already did it. httpd 1.1 and the upcoming Mosaic 2.2 have support for an
experimental PGP or PEM based encryption/decryption protocol. Read about it
at http://hoohoo.ncsa.uiuc.edu/PEMPGP.html if you're interested.

--Rob
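
The distinction drawn in the reply above, shown as an added example that is not part of the original message or of NCSA httpd: a CGI-side check that makes its access decision from REMOTE_USER only and writes REMOTE_IDENT to the log as untrusted data. The allow-list, the `authorize` and `log_safe` helpers, and the sample values are assumptions made for illustration.

```python
import os
import re

# Hypothetical allow-list; a real deployment takes this from its access config.
ALLOWED_USERS = {"alice", "bob"}

# Anything outside printable ASCII is replaced before it reaches the log.
_UNSAFE = re.compile(r"[^\x20-\x7e]")


def log_safe(value, limit=64):
    """Make an untrusted string safe to write on a single log line."""
    if not value:
        return "-"
    return _UNSAFE.sub("?", value)[:limit]


def authorize(env):
    """Return (allowed, log_line) for one CGI request environment."""
    auth_type = env.get("AUTH_TYPE", "")
    user = env.get("REMOTE_USER", "")
    # REMOTE_USER counts only when the server reports that it authenticated
    # the request (AUTH_TYPE set). REMOTE_IDENT never enters the decision:
    # it is whatever the remote ident daemon chose to answer.
    allowed = bool(auth_type) and user in ALLOWED_USERS
    line = "host=%s ident=%s user=%s auth=%s decision=%s" % (
        log_safe(env.get("REMOTE_HOST") or env.get("REMOTE_ADDR")),
        log_safe(env.get("REMOTE_IDENT")),
        log_safe(user),
        log_safe(auth_type),
        "allow" if allowed else "deny",
    )
    return allowed, line


if __name__ == "__main__":
    # Run as a CGI program: the server supplies these variables in os.environ.
    ok, entry = authorize(os.environ)
    print("Status: %s" % ("200 OK" if ok else "403 Forbidden"))
    print("Content-Type: text/plain")
    print()
    print("granted" if ok else "denied")
    # Log line goes to stderr, which the server usually routes to its error log.
    os.write(2, (entry + "\n").encode("ascii"))
```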